AWS Security Reviewer

Description

Terraform module that automates the setup of the roles and users needed to perform a security audit of AWS accounts in a Hub and Spoke model, as described in Cross Account Auditing in AWS and GCP.

In short, this module can be used to create:

  1. One role ("role_security_audit") in every AWS account (Hub + all the Spoke ones), with the built-in "SecurityAudit" policy attached to it.
  2. One role ("role_security_assume"), in the Hub account, able to assume the "role_security_audit" role on all the Spoke accounts.
  3. One IAM user ("user_security_audit"), in the Hub account, able to assume the "role_security_assume" role.
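The three pieces above form a single assume-role chain: the Hub user may only assume `role_security_assume`, which in turn may only assume `role_security_audit` in each Spoke, and that role carries nothing beyond the read-only `SecurityAudit` policy. The following Terraform fragment is an added illustration of that chain and is not the module's own code; the provider aliases (`aws.hub`, `aws.spoke`), the account-ID variables and the inline policy names are assumptions for the example, and the Spoke part is shown for a single Spoke account and would be repeated per account (including the Hub itself, which also gets an audit role).

```hcl
# Added example, not the module's code. Assumes two aliased providers,
# aws.hub and aws.spoke, each authenticated into the respective account.

variable "hub_account_id" {
  description = "Account ID of the Hub account (placeholder, set for your environment)"
  type        = string
}

variable "spoke_account_ids" {
  description = "Account IDs of all Spoke accounts (placeholders)"
  type        = list(string)
}

# 1. Audit role in a Spoke: trusts only role_security_assume from the Hub
#    and carries only the AWS-managed, read-only SecurityAudit policy.
data "aws_iam_policy_document" "audit_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.hub_account_id}:role/role_security_assume"]
    }
  }
}

resource "aws_iam_role" "role_security_audit" {
  provider           = aws.spoke
  name               = "role_security_audit"
  assume_role_policy = data.aws_iam_policy_document.audit_trust.json
}

resource "aws_iam_role_policy_attachment" "security_audit" {
  provider   = aws.spoke
  role       = aws_iam_role.role_security_audit.name
  policy_arn = "arn:aws:iam::aws:policy/SecurityAudit"
}

# 2. Assume role in the Hub: trusted only by user_security_audit, and allowed
#    only to assume role_security_audit in the listed Spoke accounts.
data "aws_iam_policy_document" "assume_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.hub_account_id}:user/user_security_audit"]
    }
  }
}

resource "aws_iam_role" "role_security_assume" {
  provider           = aws.hub
  name               = "role_security_assume"
  assume_role_policy = data.aws_iam_policy_document.assume_trust.json
}

data "aws_iam_policy_document" "assume_spokes" {
  statement {
    actions   = ["sts:AssumeRole"]
    resources = [for id in var.spoke_account_ids : "arn:aws:iam::${id}:role/role_security_audit"]
  }
}

resource "aws_iam_role_policy" "assume_spokes" {
  provider = aws.hub
  name     = "assume_security_audit_in_spokes" # assumed policy name
  role     = aws_iam_role.role_security_assume.id
  policy   = data.aws_iam_policy_document.assume_spokes.json
}

# 3. Audit user in the Hub: its only permission is to assume role_security_assume.
resource "aws_iam_user" "user_security_audit" {
  provider = aws.hub
  name     = "user_security_audit"
}

data "aws_iam_policy_document" "user_assume" {
  statement {
    actions   = ["sts:AssumeRole"]
    resources = [aws_iam_role.role_security_assume.arn]
  }
}

resource "aws_iam_user_policy" "user_assume" {
  provider = aws.hub
  name     = "assume_role_security_assume" # assumed policy name
  user     = aws_iam_user.user_security_audit.name
  policy   = data.aws_iam_policy_document.user_assume.json
}
```

Each trust policy names exactly one principal and each permission policy grants exactly one action on an explicit resource list, so a compromise of the Hub user yields read-only access and nothing more; every hop in the chain also appears as an `AssumeRole` event in the CloudTrail of the account whose role was assumed, which is what to alert on if the user's credentials are used outside an audit window.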