
AWS SRA IAM Access Analyzer Solution with Terraform

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: CC-BY-SA-4.0


Introduction

This Terraform module deploys the IAM Access Analyzer AWS SRA solution.

The common prerequisite solution must be installed in the management account before this solution is installed.

The deployed resources, together with this module's Terraform requirements, providers, modules, resources, and inputs, are documented below.

Please navigate to the Installing the AWS SRA Solutions section of the documentation for more information and installation instructions.

For the CloudFormation version of this AWS SRA solution, as well as more information, please navigate to the AWS SRA IAM Access Analyzer solution documentation page.


Deployed Resource Details

Architecture

1.0 Organization Management Account

1.1 AWS Organizations

1.2 Account AWS IAM Access Analyzer


2.0 Audit Account (Security Tooling)

2.1 Account AWS IAM Access Analyzer

2.2 Organization AWS IAM Access Analyzer


3.0 All Existing and Future Organization Member Accounts

3.1 Account AWS IAM Access Analyzer
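The two analyzer scopes in the architecture above, written out as plain Terraform resources. This is an added illustration, not the module's own `./account` or `./org` code; it assumes the caller has configured provider aliases `aws.member` and `aws.audit`, reuses the variable names from the inputs table, and assumes the Audit account is already registered as the delegated administrator for IAM Access Analyzer.

```hcl
# Added illustration (not the module's own code). Provider aliases
# "member" and "audit" are assumed to be configured by the caller.

variable "access_analyzer_name_prefix" {
  type    = string
  default = "sra-account-access-analyzer"
}

variable "org_access_analyzer_name" {
  type    = string
  default = "sra-organization-access-analyzer"
}

# Account ID of whichever account the "member" alias targets, used to
# suffix the account-scoped analyzer name as the inputs table describes.
data "aws_caller_identity" "current" {
  provider = aws.member
}

# 1.2 / 2.1 / 3.1: one account-scoped analyzer per account. It only
# reports on resources in that single account, so every account
# (management, audit, and each member) needs its own.
resource "aws_accessanalyzer_analyzer" "account" {
  provider      = aws.member
  analyzer_name = "${var.access_analyzer_name_prefix}-${data.aws_caller_identity.current.account_id}"
  type          = "ACCOUNT"
}

# 2.2: the organization-scoped analyzer lives only in the Audit account.
# An ORGANIZATION analyzer can be created only from the management account
# or a delegated administrator, so this assumes the Audit account has
# already been registered as delegated administrator for Access Analyzer.
resource "aws_accessanalyzer_analyzer" "organization" {
  provider      = aws.audit
  analyzer_name = var.org_access_analyzer_name
  type          = "ORGANIZATION"
}
```

The organization analyzer treats the whole organization as the zone of trust, so it flags only access granted to principals outside the organization, while each account analyzer flags access granted from outside its own account (including other member accounts).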


Implementation Instructions

Please navigate to the Installing the AWS SRA Solutions section of the documentation for installation instructions.


Requirements

| Name | Version |
|------|---------|
| aws  | >= 5.1.0 |

Providers

| Name | Version |
|------|---------|
| aws  | >= 5.1.0 |

Modules

| Name             | Source    | Version |
|------------------|-----------|---------|
| account_analyzer | ./account | n/a     |
| org_analyzer     | ./org     | n/a     |

Resources

| Name                        | Type        |
|-----------------------------|-------------|
| aws_caller_identity.current | data source |
| aws_partition.current       | data source |
| aws_region.current          | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| access_analyzer_name_prefix | Access Analyzer name prefix. The account ID will be appended to the name. | string | "sra-account-access-analyzer" | no |
| account_id | Current account ID. | string | n/a | yes |
| audit_account_id | AWS account ID of the Control Tower Audit account. | string | n/a | yes |
| home_region | Name of the Control Tower home region. | string | n/a | yes |
| log_archive_account_id | AWS account ID of the Control Tower Log Archive account. | string | n/a | yes |
| org_access_analyzer_name | Organization Access Analyzer name. | string | "sra-organization-access-analyzer" | no |
| sra_solution_name | The SRA solution name. The default value is the folder name of the solution. | string | "sra-iam-access-analyzer" | no |

Outputs

No outputs.