p0bailey/mfa.tf

## mfa.tf
resource "aws_iam_group" "ec2Admins" {
  name = "ec2Admins"
}

resource "aws_iam_group_policy" "force_MFA_on_apikeys_policy" {
  name       = "force_MFA_on_apikeys_policy"
  group      = "${aws_iam_group.ec2Admins.id}"
  depends_on = ["aws_iam_group.ec2Admins"]

  policy     = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "true"
        }
      }
    }
  ]
}
EOF
}
	resource "aws_iam_group" "ec2Admins" {
	name = "ec2Admins"
	}

	resource "aws_iam_group_policy" "force_MFA_on_apikeys_policy" {
	name = "force_MFA_on_apikeys_policy"
	group = "${aws_iam_group.ec2Admins.id}"
	depends_on = ["aws_iam_group.ec2Admins"]

	policy = <<EOF
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": "ec2:*",
	"Resource": "*",
	"Condition": {
	"Bool": {
	"aws:MultiFactorAuthPresent": "true"
	}
	}
	}
	]
	}
	EOF
	}