UPD: added more resources to roles_iam_resources module

layers/security_identity_compliance/iam_roles/main.tf

@@ -1,7 +1,7 @@
 data aws_caller_identity this {}
 
-module cloudtrail-cwl {
+module iam-module {
-  source = "../../../modules/security_identity_compliance/job-function-roles"
+  source = "../../../modules/security_identity_compliance/roles_iam_resources"
   application = var.application
   environment = var.environment
   customer-name = var.customer-name

modules/security_identity_compliance/roles_iam_resources/access-analyzer.tf

@@ -0,0 +1,4 @@
+resource "aws_accessanalyzer_analyzer" "iam-aa" {
+  analyzer_name = "IAMAcecssAnalyzer"
+  tags = var.default-tags
+}

modules/security_identity_compliance/roles_iam_resources/iam-password-policy.tf

@@ -0,0 +1,11 @@
+resource "aws_iam_account_password_policy" "password-policy1" {
+  minimum_password_length        = 14
+  require_lowercase_characters   = true
+  require_numbers                = true
+  require_uppercase_characters   = true
+  require_symbols                = true
+  allow_users_to_change_password = true
+  max_password_age = 90
+  password_reuse_prevention = 24
+  hard_expiry = true
+}