In this article let’s look into how we can create IAM policies using AWS Lambda and attach them to an existing IAM role during deployment using Terraform. Imagine a scenario where you are working in a multi-account AWS environment and the Lambda function in the main account needs permissions on other accounts (for assuming […]
Category: IAM
Don’t miss CloudWatch log group permissions
CloudWatch log group permissions are required in order for the log groups to receive events from sources such as a CloudWatch Events rule. These permissions are added automatically when you create log groups using the AWS Console. However, when we use Terraform to automate the process, these permissions should be added separately; otherwise your log […]
Multiple Terraform providers and dynamic lookup
Multiple Terraform providers are helpful when you are working with multiple (AWS) accounts or on a solution that spans several accounts. You need an efficient way of defining multiple Terraform providers so that you can look up each provider dynamically. The following example uses Terraform modules; refer to this article to understand how Terraform […]
Terraform providers and modules
When we are working with Terraform to create cloud infrastructure, one of the common use cases is dealing with multiple Terraform providers (multiple accounts, or entirely different providers). For example, it may be a simple case of creating an S3 bucket in account A with cross-account permissions and creating the IAM role in account […]
IAM Permissions boundary – Best way to restrict permissions.
An IAM permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity; read more about permissions boundaries on the AWS documentation page. Watch this AWS re:Invent video to get familiar with the IAM permissions boundary concept, starting from 30 mins […]