Delegate AWS service admin to dedicated accounts.
This module is designed to help delegate services from the Organization Management account. Currently supported delegation services are:
- IPAM
- Guardduty
- SecurityHub
- Macie2
- Inspector2
- Firewall Manager
| Name | Version |
|---|---|
| terraform | ~> 1.0 |
| aws | ~> 4.0 |
| Name | Version |
|---|---|
| aws | ~> 4.0 |
No modules.
| Name | Type |
|---|---|
| aws_fms_admin_account.this | resource |
| aws_guardduty_organization_admin_account.this | resource |
| aws_inspector2_delegated_admin_account.this | resource |
| aws_macie2_account.this | resource |
| aws_macie2_organization_admin_account.this | resource |
| aws_securityhub_organization_admin_account.this | resource |
| aws_vpc_ipam_organization_admin_account.this | resource |
| aws_caller_identity.current | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| firewall_manager_delegated | Enable Firewall Manager Delegated Admin | bool |
true |
no |
| guardduty_delegated | Enable GuardDuty Delegated Admin | bool |
true |
no |
| inspector2_delegated | Enable Inspector2 Delegated Admin | bool |
true |
no |
| ipam_delegated | Enable IPAM Delegated Admin | bool |
true |
no |
| macie2_delegated | Enable Macie2 Delegated Admin | bool |
true |
no |
| network_account_id | The AWS account ID of the network account | string |
n/a | yes |
| security_account_id | The AWS account ID of the security account | string |
n/a | yes |
| security_hub_delegated | Enable Security Hub Delegated Admin | bool |
true |
no |
No outputs.