terraform.aws-baseline-infra/modules/security_identity_compliance/terraform-user/main.tf

module "terraform-user" {
  source = "../iam-user"

  create-access-key   = true
  create-password     = false
  default-tags        = var.default-tags
  iam-user-name       = "${var.user-name}-${formatdate("YYYYMMDD_hhmm", timestamp())}"
  managed-policy-arns = lookup(local.CannedPoliciesByServiceCategory, var.service-category)
  pgp-key             = var.gpg-key
}

locals {
  CannedPoliciesByServiceCategory = {
    NetworkingContentDelivery = [
      "arn:aws:iam::aws:policy/NetworkAdministrator",
      "arn:aws:iam::aws:policy/AmazonRoute53FullAccess",
      "arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess"
    ]
    SecurityIdentityCompliance = [
      "arn:aws:iam::aws:policy/IAMFullAccess",
      "arn:aws:iam::aws:policy/SecurityAudit",
      "arn:aws:iam::aws:policy/AWSSecurityHubFullAccess",
      "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess",
      "arn:aws:iam::aws:policy/AmazonInspectorFullAccess",
      "arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator",
      "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess",
      "arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess",
      "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser",
      "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess"
    ]
    ManagementGovernance = [
      "arn:aws:iam::aws:policy/CloudWatchFullAccess",
      "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
      "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess",
      "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess",
      "arn:aws:iam::aws:policy/AmazonSSMFullAccess",
      "arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess",
      "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess",
      "arn:aws:iam::aws:policy/AmazonSQSFullAccess",
      "arn:aws:iam::aws:policy/AmazonSNSFullAccess",
      "arn:aws:iam::aws:policy/AWSCloudFormationFullAccess"
    ]
    Compute = [
      "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
      "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin",
      "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess",
      "arn:aws:iam::aws:policy/AutoScalingFullAccess",
      "arn:aws:iam::aws:policy/AWSImageBuilderFullAccess",
      "arn:aws:iam::aws:policy/AWSBackupFullAccess"
    ]
    Containers = [
      "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess",
      "arn:aws:iam::aws:policy/AmazonECS_FullAccess",
      "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
    ]
    Storage = [
      "arn:aws:iam::aws:policy/AmazonS3FullAccess",
      "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
      "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess",
      "arn:aws:iam::aws:policy/AmazonFSxFullAccess",
      "arn:aws:iam::aws:policy/AmazonGlacierFullAccess",
      "arn:aws:iam::aws:policy/AWSBackupFullAccess"
    ]
    Database = [
      "arn:aws:iam::aws:policy/DatabaseAdministrator",
      "arn:aws:iam::aws:policy/AWSBackupFullAccess"
    ]
    DeveloperTools = [
      "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
      "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess",
      "arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess"
    ]
    Analytics = [
      "arn:aws:iam::aws:policy/AmazonOpenSearchServiceFullAccess",
      "arn:aws:iam::aws:policy/AmazonMSKFullAccess",
      "arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2",
      "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess"
    ]
    MachineLearning = [
      "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
      "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess",
      "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess",
      "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess"
    ]
    Serverless = [
      "arn:aws:iam::aws:policy/AWSLambda_FullAccess",
      "arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk",
      "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator",
      "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess",
      "arn:aws:iam::aws:policy/AmazonSESFullAccess",
      "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin"
    ]
  }


}
NEW: pushing in some old stuff 2024-02-09 10:20:29 +08:00			`module "terraform-user" {`
			`source = "../iam-user"`

			`create-access-key = true`
			`create-password = false`
			`default-tags = var.default-tags`
			`iam-user-name = "${var.user-name}-${formatdate("YYYYMMDD_hhmm", timestamp())}"`
			`managed-policy-arns = lookup(local.CannedPoliciesByServiceCategory, var.service-category)`
			`pgp-key = var.gpg-key`
			`}`

			`locals {`
			`CannedPoliciesByServiceCategory = {`
			`NetworkingContentDelivery = [`
			`"arn:aws:iam::aws:policy/NetworkAdministrator",`
			`"arn:aws:iam::aws:policy/AmazonRoute53FullAccess",`
			`"arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess"`
			`]`
			`SecurityIdentityCompliance = [`
			`"arn:aws:iam::aws:policy/IAMFullAccess",`
			`"arn:aws:iam::aws:policy/SecurityAudit",`
			`"arn:aws:iam::aws:policy/AWSSecurityHubFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonInspectorFullAccess",`
			`"arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator",`
			`"arn:aws:iam::aws:policy/AWSOrganizationsFullAccess",`
			`"arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess",`
			`"arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser",`
			`"arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess"`
			`]`
			`ManagementGovernance = [`
			`"arn:aws:iam::aws:policy/CloudWatchFullAccess",`
			`"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",`
			`"arn:aws:iam::aws:policy/CloudWatchEventsFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonSSMFullAccess",`
			`"arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess",`
			`"arn:aws:iam::aws:policy/AWSOrganizationsFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonSQSFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonSNSFullAccess",`
			`"arn:aws:iam::aws:policy/AWSCloudFormationFullAccess"`
			`]`
			`Compute = [`
			`"arn:aws:iam::aws:policy/AmazonEC2FullAccess",`
			`"arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin",`
			`"arn:aws:iam::aws:policy/AWSMarketplaceFullAccess",`
			`"arn:aws:iam::aws:policy/AutoScalingFullAccess",`
			`"arn:aws:iam::aws:policy/AWSImageBuilderFullAccess",`
			`"arn:aws:iam::aws:policy/AWSBackupFullAccess"`
			`]`
			`Containers = [`
			`"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonECS_FullAccess",`
			`"arn:aws:iam::aws:policy/AmazonEC2FullAccess"`
			`]`
			`Storage = [`
			`"arn:aws:iam::aws:policy/AmazonS3FullAccess",`
			`"arn:aws:iam::aws:policy/AmazonEC2FullAccess",`
			`"arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonFSxFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonGlacierFullAccess",`
			`"arn:aws:iam::aws:policy/AWSBackupFullAccess"`
			`]`
			`Database = [`
			`"arn:aws:iam::aws:policy/DatabaseAdministrator",`
			`"arn:aws:iam::aws:policy/AWSBackupFullAccess"`
			`]`
			`DeveloperTools = [`
			`"arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",`
			`"arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess",`
			`"arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess"`
			`]`
			`Analytics = [`
			`"arn:aws:iam::aws:policy/AmazonOpenSearchServiceFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonMSKFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2",`
			`"arn:aws:iam::aws:policy/AmazonRedshiftFullAccess"`
			`]`
			`MachineLearning = [`
			`"arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess",`
			`"arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess",`
			`"arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess"`
			`]`
			`Serverless = [`
			`"arn:aws:iam::aws:policy/AWSLambda_FullAccess",`
			`"arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk",`
			`"arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator",`
			`"arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonSESFullAccess",`
			`"arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin"`
			`]`
			`}`


			`}`