UPD: Updated ManageOwnCredentials policy

xpk 2024-03-26 14:37:49 +08:00
parent c830a495a1
commit 7f927fcbdc
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86


@ -37,7 +37,7 @@ data "aws_iam_policy_document" "user-policy" {
"iam:ChangePassword", "iam:ChangePassword",
"iam:CreateAccessKey", "iam:CreateAccessKey",
"iam:DeleteAccessKey", "iam:DeleteAccessKey",
"iam:ListAccessKey", "iam:ListAccessKeys",
"iam:CreateVirtualMFADevice", "iam:CreateVirtualMFADevice",
"iam:EnableMFADevice", "iam:EnableMFADevice",
"iam:ListMFA*", "iam:ListMFA*",
@ -46,7 +46,14 @@ data "aws_iam_policy_document" "user-policy" {
] ]
effect = "Allow" effect = "Allow"
resources = ["arn:aws:iam::account-id:user/${var.iam-user-name}"] resources = ["arn:aws:iam::*:user/$${aws:username}"]
}
statement {
sid = "GetPasswordPolicy"
actions = ["iam:GetAccountPasswordPolicy"]
effect = "Allow"
resources = ["*"]
} }
} }
@ -73,7 +80,7 @@ resource "aws_iam_user_login_profile" "iam-user-profile-pgp" {
pgp_key = var.pgp-key pgp_key = var.pgp-key
} }
resource random_id secrets-random-id { resource "random_id" "secrets-random-id" {
byte_length = 2 byte_length = 2
} }
resource "aws_secretsmanager_secret" "secretmanager" { resource "aws_secretsmanager_secret" "secretmanager" {
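Review bot: `iam:CreateVirtualMFADevice` remains in the statement whose `resources` is now `arn:aws:iam::*:user/$${aws:username}` (second hunk), but IAM authorizes that action against the virtual MFA device ARN (`arn:aws:iam::<account>:mfa/<device>`), not the user ARN. The grant therefore likely never matches, and users cannot self-enroll a virtual MFA device. Consider moving it to its own statement with `resources = ["arn:aws:iam::*:mfa/*"]`, leaving `iam:EnableMFADevice` and `iam:ListMFA*` on the user ARN. The actions list starts above the first hunk, so entries not shown here may need the same resource-type check. Separately, nothing visible conditions `iam:CreateAccessKey` or `iam:DeleteAccessKey` on `aws:MultiFactorAuthPresent`; if no statement outside these hunks does so, a password-only session can mint long-lived keys, which deserves at least a comment stating that this is intended.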