riboseinc / terraform-aws-iam-authenticating-group

Dynamically manage IAM group membership through an authenticated HTTPS endpoint

Implement according to terraform-aws-authenticating-secgroup #1

Closed ronaldtse closed 6 years ago

ronaldtse commented 6 years ago

We're going to share lots of code with https://github.com/riboseinc/terraform-aws-authenticating-secgroup . Not sure if we can extract some generalized framework from it, but at least it's straightforward to do 👍

phuonghuynh commented 6 years ago

Good idea, 👍

phuonghuynh commented 6 years ago

@ronaldtse it would be great if you have a sample usage in mind?

ronaldtse commented 6 years ago

Uploaded in #2

phuonghuynh commented 6 years ago

@ronaldtse the Python API can help to do the user-group mapping, so we are able to dynamically authenticate users and groups. How about this config sample?

[
    {
        "group_names": ["group1", "group2"],
        "user_names": ["user1", "user2"],
        "region_name": "us-west-1"
    },
    {
        "group_names": ["group3"],
        "user_names": ["user1"],
        "region_name": "us-west-2"
    }
]

ronaldtse commented 6 years ago

Yes this is good -- I somehow missed the users... Using Python API is good too. Thanks, let's proceed!

ronaldtse commented 6 years ago

@phuonghuynh any updates so far? Thanks!

phuonghuynh commented 6 years ago

Creating/cleaning fake policies to persist timestamp. The usage will be changed a bit. PR will be submitted soon.

We need to keep in mind that there are limitations on IAM Entities including Policies, https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html
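
An added example, not part of the thread or the project's code: one way to validate the config format proposed above against the IAM name rules and the groups-per-user quota from the linked limits page, then make a deny-by-default membership decision. The function names are hypothetical, `region_name` is not used, and it assumes the endpoint already knows the authenticated caller's IAM user name.

```python
import json
import re
from collections import defaultdict

# Constructed sample: the config proposed in the thread above.
SAMPLE_CONFIG = json.loads("""
[
  {"group_names": ["group1", "group2"], "user_names": ["user1", "user2"], "region_name": "us-west-1"},
  {"group_names": ["group3"], "user_names": ["user1"], "region_name": "us-west-2"}
]
""")

# IAM name rules and default quota as documented on the AWS IAM limits page.
NAME_RE = re.compile(r"[A-Za-z0-9+=,.@_-]+")
MAX_USER_LEN, MAX_GROUP_LEN, MAX_GROUPS_PER_USER = 64, 128, 10


def _check_name(name, max_len, kind):
    if not isinstance(name, str) or len(name) > max_len or not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid IAM {kind} name: {name!r}")


def allowed_groups(config):
    """Validate the config and return {user_name: set(group_names)}."""
    mapping = defaultdict(set)
    for i, entry in enumerate(config):
        groups, users = entry.get("group_names"), entry.get("user_names")
        if not (isinstance(groups, list) and isinstance(users, list) and groups and users):
            raise ValueError(f"entry {i}: group_names and user_names must be non-empty lists")
        for group in groups:
            _check_name(group, MAX_GROUP_LEN, "group")
        for user in users:
            _check_name(user, MAX_USER_LEN, "user")
            mapping[user].update(groups)
    # A user mapped to more groups than the quota allows could never be fully added.
    for user, groups in mapping.items():
        if len(groups) > MAX_GROUPS_PER_USER:
            raise ValueError(f"{user}: {len(groups)} groups exceeds the per-user quota")
    return dict(mapping)


def may_join(mapping, caller, group):
    """Deny by default: only an explicitly mapped (caller, group) pair passes."""
    return group in mapping.get(caller, set())
```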

ronaldtse commented 6 years ago

Good to know, we're very eager to use it. Thanks!