AWS IAM Delegated Administrator

This page shows how to write Terraform for an IAM Delegated Administrator, and how to write it securely.

aws_organizations_delegated_administrator (Terraform)

The Delegated Administrator in IAM can be configured in Terraform with the resource name aws_organizations_delegated_administrator. The following sections describe three examples of how to use the resource and its parameters.

Example Usage from GitHub

org_main.tf#L41
resource "aws_organizations_delegated_administrator" "security_usr_admin" {
  # Only register the delegated administrator when the flag is set
  count             = var.enable_acc_sa ? 1 : 0
  # account_user3 is created with count, so index its first instance
  account_id        = aws_organizations_account.account_user3[0].id
  service_principal = "guardduty.amazonaws.com"
}

t2_main.tf#L46
resource "aws_organizations_delegated_administrator" "security_usr_admin" {
  account_id        = aws_organizations_account.account_user3.id
  service_principal = "guardduty.amazonaws.com"
}


Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • account_id - (Required) The account ID number of the member account in the organization to register as a delegated administrator.
  • service_principal - (Required) The service principal of the AWS service for which you want to make the member account a delegated administrator.

In addition to all arguments above, the following attributes are exported:

  • id - The unique identifier (ID) of the delegated administrator.
  • arn - The Amazon Resource Name (ARN) of the delegated administrator's account.
  • delegation_enabled_date - The date when the account was made a delegated administrator.
  • email - The email address that is associated with the delegated administrator's AWS account.
  • joined_method - The method by which the delegated administrator's account joined the organization.
  • joined_timestamp - The date when the delegated administrator's account became a part of the organization.
  • name - The friendly name of the delegated administrator's account.
  • status - The status of the delegated administrator's account in the organization.
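The following is an added example, not code from the GitHub sources above. It goes beyond the single-service snippets by delegating two services to one dedicated security-tooling account and by making the prerequisite explicit: the organization must have trusted access enabled for a service before that service can be delegated. The provider is assumed to run with management-account credentials; the account e-mail and region are placeholders.

```hcl
# Added example (not from the page's GitHub sources). Assumes management-account
# credentials; e-mail address and region below are placeholders.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # placeholder
}

# Services to hand to the security-tooling account. Each one must also be
# listed as a trusted-access principal on the organization itself.
locals {
  delegated_services = toset([
    "guardduty.amazonaws.com",
    "securityhub.amazonaws.com",
  ])
}

# If the organization already exists, import it instead of creating it;
# either way this is where trusted access for the services is declared.
resource "aws_organizations_organization" "this" {
  feature_set                   = "ALL"
  aws_service_access_principals = tolist(local.delegated_services)
}

# A dedicated member account that does nothing but run security tooling,
# so delegated permissions are not mixed with workload access.
resource "aws_organizations_account" "security_tooling" {
  name  = "security-tooling"
  email = "security-tooling@example.com" # placeholder
}

# One delegated-administrator registration per service principal.
resource "aws_organizations_delegated_administrator" "security" {
  for_each          = local.delegated_services
  account_id        = aws_organizations_account.security_tooling.id
  service_principal = each.key

  depends_on = [aws_organizations_organization.this]
}

# Exported attributes: the delegated account ARN per service, for auditing.
output "delegated_admin_arns" {
  value = { for svc, d in aws_organizations_delegated_administrator.security : svc => d.arn }
}
```

Removing a service principal from `delegated_services` both deregisters the delegated administrator and drops trusted access for that service on the next apply, so review the plan before applying changes to that set.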

Explanation in Terraform Registry

Provides a resource to manage an AWS Organizations Delegated Administrator.

Tips: Best Practices for The Other AWS IAM Resources

In addition to aws_iam_account_password_policy, AWS IAM has other resources that should be configured for security reasons. The following are some examples of those resources and the precautions to take.


aws_iam_account_password_policy

Ensure AWS IAM account password policies require long passwords

It is better to enforce the use of long and complex passwords to reduce the risk of brute-force attacks.

Review your AWS IAM settings

In addition to the above, there are other security points you should be aware of; you can check that your .tf files are protected in Shisho Cloud.

CloudFormation Example

CloudFormation code does not have the related resource.

Frequently asked questions

What is AWS IAM Delegated Administrator?

AWS IAM Delegated Administrator is a resource for IAM in Amazon Web Services. Its settings can be written in Terraform.

Where can I find the example code for the AWS IAM Delegated Administrator?

For Terraform, the ArulSaxena/terraform-pipeline, D3-jain/AWS-Landing-zone-components and D3-jain/AWS-Landing-zone-components source code examples are useful. See the Terraform Example section for further details.