Top / Amazon Web Service / AWS IAM / Account

AWS IAM Account

This page shows how to write Terraform for IAM Account and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_organizations_account (Terraform)

The Account in IAM can be configured in Terraform with the resource name aws_organizations_account. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L20
resource "aws_organizations_account" "developer_account" {
  name  = "developer-account"
  email = "developer-account@its.org"

  # Parent Organizational Unit ID
  # Defaults to the Organization default Root ID
main.tf#L20
resource "aws_organizations_account" "shared-services" {
  name = "shared-services"
  email = var.shared_services_account_email
}

#terragrunt import aws_organizations_account.development xxxxx
main.tf#L15
resource "aws_organizations_account" "shared-services" {
  name = "shared-services"
  email = var.shared_services_account_email
}

#terragrunt import aws_organizations_account.development xxxxx
organization.tf#L11
resource "aws_organizations_account" "cd" {
  name  = "thilina-thesis-cd"
  email = "dummyuser+cd@gmail.com"
}

resource "aws_organizations_account" "logging" {
accounts.tf#L1
resource "aws_organizations_account" "logging" {
  name      = var.log_name
  email     = var.log_email
  role_name = var.role_name
  parent_id = var.managed_parent
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides a resource to create a member account in the current organization.

Note: Account management must be done from the organization's master account. !> WARNING: Deleting this Terraform resource will only remove an AWS account from an organization. Terraform will not close the account. The member account must be prepared to be a standalone account beforehand. See the AWS Organizations documentation for more information.

>> from Terraform Registry

Tips: Best Practices for The Other AWS IAM Resources

In addition to the aws_iam_account_password_policy, AWS IAM has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_iam_account_password_policy

Ensure AWS IAM account password policies requires long passwords

It's better to enforce the use of long and complex passwords to reduce the risk of bruteforce attacks.

Review your AWS IAM settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

CloudFormation Example

CloudFormation code does not have the related resource.

The Other Related AWS IAM Resources

Frequently asked questions

What is AWS IAM Account?

AWS IAM Account is a resource for IAM of Amazon Web Service. Settings can be wrote in Terraform.

Where can I find the example code for the AWS IAM Account?

For Terraform, the alessanderviana/its-poc, petersiemen/aws-multiple-account-ci-cd and petersiemen/cross-account-multi-region-ci-cd-pipeline-on-aws source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents