class Terrafying::Components::Security::IAM

Public Class Methods

create(*args) click to toggle source
# File lib/terrafying/components/security/iam.rb, line 12
def self.create(*args)
  IAM.new.create(*args)
end

Public Instance Methods

create( support_assume_policy:, password_policy: {} ) click to toggle source
# File lib/terrafying/components/security/iam.rb, line 16
def create(
      support_assume_policy:,
      password_policy: {}
    )

  # 1.5 Ensure IAM password policy requires at least one uppercase letter
  # 1.6 Ensure IAM password policy require at least one lowercase letter
  # 1.7 Ensure IAM password policy require at least one symbol
  # 1.8 Ensure IAM password policy require at least one number
  # 1.9 Ensure IAM password policy requires minimum length of 14 or greater
  # 1.10        Ensure IAM password policy prevents password reuse
  # 1.11        Ensure IAM password policy expires passwords within 90 days or less
  resource :aws_iam_account_password_policy, "strict", {
             require_uppercase_characters: true,
             require_lowercase_characters: true,
             require_symbols: true,
             require_numbers: true,
             minimum_password_length: 14,
             allow_users_to_change_password: true,
             password_reuse_prevention: true,
             max_password_age: 90,
           }.merge(password_policy)

  # 1.20        Ensure a support role has been created to manage incidents with AWS Support
  support_role = resource :aws_iam_role, "support", {
                            name: "support",
                            assume_role_policy: support_assume_policy,
                          }

  resource :aws_iam_role_policy_attachment, "support_policy", {
             role: support_role,
             policy_arn: "arn:aws:iam::aws:policy/AWSSupportAccess",
           }

  self
end