terraform.aws-baseline-infra/examples/iam.user/main.tf

67 lines
1.8 KiB
Terraform
Raw Normal View History

module "iam-group" {
2023-02-28 16:38:16 +08:00
source = "../../modules/security_identity_compliance/iam-group"
iam-group-name = "ViewOnlyUsers001"
iam-group-policy = ""
iam-group-policy-name = ""
managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
}
module "iam-group2" {
2023-02-28 16:38:16 +08:00
source = "../../modules/security_identity_compliance/iam-group"
iam-group-name = "ViewOnlyAndS3Admin001"
iam-group-policy = data.aws_iam_policy_document.user-policy.json
iam-group-policy-name = "S3AdminPermissions"
managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
}
module "iam-user1" {
2023-02-28 16:38:16 +08:00
source = "../../modules/security_identity_compliance/iam-user"
iam-user-name = "JohnNotInGroup"
create-access-key = true
create-password = true
2023-02-28 16:38:16 +08:00
managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
}
module "iam-user2" {
2023-02-28 16:38:16 +08:00
source = "../../modules/security_identity_compliance/iam-user"
iam-user-name = "PeterInGroup"
iam-user-policy = data.aws_iam_policy_document.user-policy.json
2023-02-28 16:38:16 +08:00
iam-user-policy-name = "S3AdminPermissions"
create-access-key = false
create-password = false
managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
add-to-groups = [module.iam-group.iam-group-name]
2023-02-28 16:38:16 +08:00
}
data "aws_iam_policy_document" "user-policy" {
2023-02-28 16:38:16 +08:00
statement {
sid = "s3admin"
actions = [
"s3:*"
]
effect = "Allow"
2023-02-28 16:38:16 +08:00
resources = ["*"]
}
}
output "iam-user1-arn" {
2023-02-28 16:38:16 +08:00
value = module.iam-user1.iam-user-arn
}
output "iam-user2-arn" {
2023-02-28 16:38:16 +08:00
value = module.iam-user2.iam-user-arn
}
output "iam-user1-access-key" {
2023-02-28 16:38:16 +08:00
value = module.iam-user1.iam-user-access-key
}
output iam-user1-secret-location {
value = module.iam-user1.iam-user-secret-arn
}