Problem Statement:
I want to create and manage IAM assume roles for multiple AWS accounts using Terraform.
Goal to achieve
- Creation of IAM Assume Roles in all the AWS accounts using Terraform module
Background
The IAM roles will exist in each account, and every account will have a different number of assume roles, given that they are going to be used by different teams of different sizes. Access to the account will be granted via a Jump AWS account, from where a user will authenticate and then use the Assume Role URL to switch accounts.
For example:
Account A has two IAM roles: admin_role and developer_role
Account B has three IAM roles: admin_role, poweruser_role and developer_role
Account C is a jump account, and it also has the admin_role, poweruser_role and developer_role IAM roles.
User A logs into Account C (with poweruser_role attached to the user), then assumes a role in Account B (this account has a trust relationship with Account C) using the same poweruser_role.
What would be a proper Terraform IAM solution for this multi-account infrastructure setup?
This solution states how to have unique IAM roles for all the accounts, but does not show how to handle the case when the AWS roles are different for each account.
Thanks in advance.
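One way to structure this, written here as an added example rather than code from the post: a single reusable module takes a map of role name to managed policy ARNs, so each account passes a different map (two roles for Account A, three for Account B) while the trust policy stays the same. Each role trusts only the same-named role in the jump account and requires MFA on the originating session, and the jump-account side is granted sts:AssumeRole only on explicitly listed target accounts. The module path, provider aliases, account IDs (111111111111, 222222222222, 333333333333), the "terraform" bootstrap role and the region are placeholders/assumptions.

```hcl
# ---- modules/assume_roles/variables.tf (assumed module path) ----
variable "jump_account_id" {
  description = "Account ID of the jump account whose same-named roles may assume roles here"
  type        = string
}

variable "roles" {
  description = "Map of role name => managed policy ARNs to attach; differs per account"
  type        = map(list(string))
}

# ---- modules/assume_roles/main.tf ----
# Trust policy per role: only arn:aws:iam::<jump>:role/<same name> may assume it,
# and only when the calling session carries MFA.
data "aws_iam_policy_document" "trust" {
  for_each = var.roles

  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.jump_account_id}:role/${each.key}"]
    }
    condition {
      test     = "Bool"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["true"]
    }
  }
}

resource "aws_iam_role" "this" {
  for_each           = var.roles
  name               = each.key
  assume_role_policy = data.aws_iam_policy_document.trust[each.key].json
}

# Flatten role => [policies] into one attachment per (role, policy) pair.
locals {
  attachments = {
    for pair in flatten([
      for role, policies in var.roles : [
        for p in policies : { role = role, policy_arn = p }
      ]
    ]) : "${pair.role}:${pair.policy_arn}" => pair
  }
}

resource "aws_iam_role_policy_attachment" "this" {
  for_each   = local.attachments
  role       = aws_iam_role.this[each.value.role].name
  policy_arn = each.value.policy_arn
}

# ---- root module: one provider alias per account, one module call per account ----
provider "aws" {
  alias  = "account_a"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/terraform" # placeholder bootstrap role
  }
}

provider "aws" {
  alias  = "jump"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::333333333333:role/terraform" # placeholder bootstrap role
  }
}

# Account A: two roles. Account B would be a second module call with three roles.
module "account_a_roles" {
  source          = "./modules/assume_roles"
  providers       = { aws = aws.account_a }
  jump_account_id = "333333333333"
  roles = {
    admin_role     = ["arn:aws:iam::aws:policy/AdministratorAccess"]
    developer_role = ["arn:aws:iam::aws:policy/ReadOnlyAccess"]
  }
}

# Jump account side: poweruser_role may assume only the same-named role in the
# listed target accounts (no wildcard account ID).
data "aws_iam_policy_document" "jump_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    resources = [
      for id in ["111111111111", "222222222222"] : "arn:aws:iam::${id}:role/poweruser_role"
    ]
  }
}

resource "aws_iam_role_policy" "jump_assume" {
  provider = aws.jump
  name     = "assume-poweruser-role-in-target-accounts"
  role     = "poweruser_role" # assumed to already exist in the jump account
  policy   = data.aws_iam_policy_document.jump_assume.json
}
```

Because the trust relationship is keyed on the role name, a team that has poweruser_role in the jump account can only reach poweruser_role in target accounts, and an account that simply omits poweruser_role from its roles map (as Account A does) exposes nothing for that team to assume; the blast radius of a compromised jump-account role is bounded by the matching names and the explicit account list rather than by an account-wide root principal.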