Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
terraform iam group aws api mfa protected plus ip lockdown
resource "aws_iam_group" "ec2Admins" {
name = "ec2Admins"
}
resource "aws_iam_group_policy" "force_MFA_on_apikeys_policy" {
name = "force_MFA_on_apikeys_policy"
group = "${aws_iam_group.ec2Admins.id}"
depends_on = ["aws_iam_group.ec2Admins"]
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:*",
"Resource": "*",
"Condition": {
"Bool": {
"aws:MultiFactorAuthPresent": "true"
},
"IpAddress": {
"aws:SourceIp": [
"my.office.ip.address/32"
]
}
}
}
]
}
EOF
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.