37 lines
962 B
Markdown
37 lines
962 B
Markdown
|
# iam-user module
|
||
|
|
Module for creating IAM user. Credentials, if any, will be stored in secretsmanager
|
||
|
|
|
||
|
|
## Example
|
||
|
|
```terraform
|
||
|
|
module iam-user {
|
||
|
|
source = "../../modules/security_identity_compliance/iam-user"
|
||
|
|
|
||
|
|
default-tags = local.default-tags
|
||
|
|
iam-user-name = var.iam-user-name
|
||
|
|
iam-user-policy = data.aws_iam_policy_document.user-policy.json
|
||
|
|
create-access-key = false
|
||
|
|
create-password = false
|
||
|
|
managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
|
||
|
|
}
|
||
|
|
|
||
|
|
data aws_iam_policy_document user-policy {
|
||
|
|
statement {
|
||
|
|
sid = "ManageOwnCredentials"
|
||
|
|
|
||
|
|
actions = [
|
||
|
|
"iam:ChangePassword",
|
||
|
|
"iam:CreateAccessKey",
|
||
|
|
"iam:DeleteAccessKey",
|
||
|
|
"iam:ListAccessKey",
|
||
|
|
"iam:CreateVirtualMFADevice",
|
||
|
|
"iam:EnableMFADevice",
|
||
|
|
"iam:ListMFA*",
|
||
|
|
"iam:ListVirtualMFA*",
|
||
|
|
"iam:ResyncMFADevice"
|
||
|
|
]
|
||
|
|
|
||
|
|
effect = "Allow"
|
||
|
|
resources = ["arn:aws:iam::account-id:user/${var.iam-user-name}"]
|
||
|
|
}
|
||
|
|
}
|
||
|
|
```
|