A Terraform module to bootstrap the creation of an IAM Role in an AWS
Account when new accounts are created within AWS Organizations.

This module creates a new IAM role, attaches an AWS-managed permission
policy, and sets the trust policy to the provided JSON-formatted string.

This module uses CloudWatch Events to identify when new accounts are
added or invited to an AWS Organization, and triggers a Lambda function
to create the IAM role.

Testing

To set up and run tests:

# Ensure the dependencies are installed on your system.
make python/deps
make pytest/deps

# Start up a mock AWS stack:
make mockstack/up

# Run unit tests:
make docker/run target=pytest/lambda/tests

# Run tests against the Terraform configuration:
make mockstack/pytest/lambda

# Shut down the mock AWS stack and clean up the docker image:
make mockstack/clean