# Group "ViewOnlyUsers001": list/read visibility via the AWS-managed
# job-function policy ViewOnlyAccess. No customer (inline) policy is
# attached — both iam-group-policy and iam-group-policy-name are passed
# as empty strings.
module "iam-group" {
  source = "../../modules/security_identity_compliance/iam-group"

  iam-group-name      = "ViewOnlyUsers001"
  managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]

  # No inline policy for this group.
  iam-group-policy      = ""
  iam-group-policy-name = ""
}
# Group "ViewOnlyAndS3Admin001": ViewOnlyAccess plus the inline policy
# rendered from data.aws_iam_policy_document.user-policy (s3:* on every
# resource), attached under the name "S3AdminPermissions".
#
# Note: no user in this file is added to this group (iam-user2 joins
# module.iam-group instead). Membership must come from elsewhere, or the
# group is currently unused.
module "iam-group2" {
  source = "../../modules/security_identity_compliance/iam-group"

  iam-group-name = "ViewOnlyAndS3Admin001"

  # Inline policy body and the name it is attached under.
  iam-group-policy      = data.aws_iam_policy_document.user-policy.json
  iam-group-policy-name = "S3AdminPermissions"

  managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
}
# User "JohnNotInGroup": a standalone IAM user (not added to any group)
# with ViewOnlyAccess attached directly.
#
# Security note: this user is created with BOTH a console password and an
# access key, i.e. a long-lived programmatic credential plus console login.
# The module's handling of that secret material (the outputs at the bottom
# of this file read an access-key value and a secret ARN from it) is not
# visible here — confirm the secret is stored only in Secrets Manager /
# state, has a rotation plan, and that MFA is enforced for console sign-in.
module "iam-user1" {
  source = "../../modules/security_identity_compliance/iam-user"

  iam-user-name = "JohnNotInGroup"

  # Issue both credential types for this user.
  create-access-key = true
  create-password   = true

  managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
}
# User "PeterInGroup": no credentials are generated for this user (neither
# access key nor console password), so it is a principal definition only
# until credentials are issued elsewhere.
#
# Permissions: inline "S3AdminPermissions" (s3:* on *), ViewOnlyAccess
# attached directly, and membership in module.iam-group (ViewOnlyUsers001).
# That group already carries ViewOnlyAccess, so the direct attachment is
# redundant. Consider granting S3 admin rights through iam-group2 instead
# of an inline user policy so that privileged grants stay group-scoped.
module "iam-user2" {
  source = "../../modules/security_identity_compliance/iam-user"

  iam-user-name = "PeterInGroup"

  # Inline policy body and the name it is attached under.
  iam-user-policy      = data.aws_iam_policy_document.user-policy.json
  iam-user-policy-name = "S3AdminPermissions"

  # No credentials issued for this user.
  create-access-key = false
  create-password   = false

  managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
  add-to-groups       = [module.iam-group.iam-group-name]
}
# Inline policy body used by iam-group2 and iam-user2 under the name
# "S3AdminPermissions".
#
# Security note: this allows every S3 action (s3:*) on every bucket and
# object in the account (resources = ["*"]) — including bucket deletion
# and changes to bucket policies / ACLs / public-access settings. If the
# intent is administration of specific buckets, scope `resources` to those
# bucket ARNs (and their "/*" object ARNs) instead of "*".
data "aws_iam_policy_document" "user-policy" {
  statement {
    sid    = "s3admin"
    effect = "Allow"

    actions   = ["s3:*"]
    resources = ["*"]
  }
}
# ARN of the standalone user JohnNotInGroup.
output "iam-user1-arn" {
  description = "ARN of IAM user JohnNotInGroup (module.iam-user1)."
  value       = module.iam-user1.iam-user-arn
}
# ARN of the group-member user PeterInGroup.
output "iam-user2-arn" {
  description = "ARN of IAM user PeterInGroup (module.iam-user2)."
  value       = module.iam-user2.iam-user-arn
}
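# Access-key value exported by module.iam-user1 for JohnNotInGroup.
#
# Marked sensitive: the module's output name does not say whether this is
# only the key ID or also carries the secret, so it must never be echoed in
# plan/apply output or CI logs. Retrieve it deliberately with
# `terraform output -raw iam-user1-access-key`. (Terraform also requires the
# root output to be sensitive if the module output is declared sensitive.)
output "iam-user1-access-key" {
  description = "Access key created for IAM user JohnNotInGroup (module.iam-user1)."
  value       = module.iam-user1.iam-user-access-key
  sensitive   = true
}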
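# Location of the secret material for JohnNotInGroup's credentials, as an
# ARN produced by module.iam-user1 (presumably a Secrets Manager secret —
# the module decides; confirm there). The ARN is a locator, not the secret
# itself, so it is not marked sensitive. The block label is quoted to match
# the other outputs in this file and `terraform fmt`.
output "iam-user1-secret-location" {
  description = "ARN of the secret holding credentials for IAM user JohnNotInGroup (module.iam-user1)."
  value       = module.iam-user1.iam-user-secret-arn
}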