| Name | Version |
|---|---|
| terraform | >= 0.12.6 |
| aws | >= 2.70 |
| Name | Version |
|---|---|
| aws | >= 2.70 |
No modules.
| Name | Type |
|---|---|
| aws_iam_policy.cloud_trail_access_policy | resource |
| aws_iam_policy.controller_access_policy | resource |
| aws_iam_role.ciem_member_account_role | resource |
| aws_iam_role_policy_attachment.cloud_trail_access_policy | resource |
| aws_iam_role_policy_attachment.controller_access_policy | resource |
| aws_iam_policy.security_audit | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| ciem_member_account_role_name | name of the iam role to access member account | string |
n/a | yes |
| ciem_oidc_provider_role_name | name of the iam role oidc provider can assume role into | string |
n/a | yes |
| cloudtrail_bucket_name | s3 bucket name where cloudtrail logs are stored | string |
"" |
no |
| enable_cloudtrail | enable cloudtrail if default cloudtrail account is not used | bool |
false |
no |
| enable_controller | enabling controller gives cloudknox permissions management the privileges to provide the privilege-on-demand feature | bool |
false |
no |
| oidc_provider_account_id | account id where oidc provider is created | string |
n/a | yes |
| tenant_id | id of the tenant where the application is created | string |
n/a | yes |
No outputs.