Merge pull request #16 from lacework/afiune/aws/iam_role/external_id
fix(aws): configure an External ID in IAM Role
scottford-lw authored Mar 27, 2020
2 parents b31c772 + 572dc97 commit 2a70585
Showing 2 changed files with 10 additions and 1 deletion.
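--- a/aws/main.tf
+++ b/aws/main.tf
@@ -138,7 +138,12 @@ resource "aws_iam_role" "lacework_iam_role" {
 "Principal": {
 "AWS": "arn:aws:iam::${var.lacework_aws_account_id}:root"
 },
-"Action": "sts:AssumeRole"
+"Action": "sts:AssumeRole",
+"Condition": {
+"StringEquals": {
+"sts:ExternalId": "${var.external_id}"
+}
+}
 }
 }
 EOF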
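Review bot: The new `sts:ExternalId` condition interpolates `var.external_id` straight into a JSON heredoc, so a value containing `"` or `\` yields an invalid trust policy and a value that is empty or guessable gives no confused-deputy protection at all; the condition is only as strong as the value the caller supplies. The policy would be safer built with `jsonencode(...)` so the external ID is escaped for you, or at minimum the variable should be validated before it reaches this block. It is also worth a comment above the condition such as `# External ID guards against the confused-deputy problem; it is not a secret, but it must be unique per customer account and must not be left at a default`. The `aws_iam_role` resource and its `assume_role_policy` heredoc begin above this hunk, so the rest of the policy document is not visible here.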
4 changes: 4 additions & 0 deletions aws/variables.tf
Expand Up @@ -19,6 +19,10 @@ variable "bucket_name" {
default = "lacework-cloudtrail-bucket"
}

variable "external_id" {
default = "12345"
}

variable "iam_role_name" {
default = "lacework_iam_role"
}
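Review bot: `variable "external_id"` ships with `default = "12345"`, which means every deployment that does not override it shares a trivially guessable External ID and the new trust-policy condition in aws/main.tf provides no real confused-deputy protection. A security-bearing value like this should have no default so Terraform forces the operator to supply the one issued for their account, and it should carry a type and description: `variable "external_id" {` / `  type = string` / `  description = "External ID for the cross-account trust; must match the value configured in Lacework and must not be a shared default"` with the `default` line removed. If a default is kept for backwards compatibility, the module docs should state plainly that it must be overridden in every real deployment.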
