UPD: Updated ManageOwnCredentials policy
This commit is contained in:
parent
c830a495a1
commit
7f927fcbdc
@ -10,8 +10,8 @@ resource "aws_iam_access_key" "iam-user-access-key" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_access_key" "iam-user-access-key-pgp" {
|
resource "aws_iam_access_key" "iam-user-access-key-pgp" {
|
||||||
count = var.create-access-key && var.pgp-key != null ? 1 : 0
|
count = var.create-access-key && var.pgp-key != null ? 1 : 0
|
||||||
user = aws_iam_user.iam-user.name
|
user = aws_iam_user.iam-user.name
|
||||||
pgp_key = var.pgp-key
|
pgp_key = var.pgp-key
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -37,7 +37,7 @@ data "aws_iam_policy_document" "user-policy" {
|
|||||||
"iam:ChangePassword",
|
"iam:ChangePassword",
|
||||||
"iam:CreateAccessKey",
|
"iam:CreateAccessKey",
|
||||||
"iam:DeleteAccessKey",
|
"iam:DeleteAccessKey",
|
||||||
"iam:ListAccessKey",
|
"iam:ListAccessKeys",
|
||||||
"iam:CreateVirtualMFADevice",
|
"iam:CreateVirtualMFADevice",
|
||||||
"iam:EnableMFADevice",
|
"iam:EnableMFADevice",
|
||||||
"iam:ListMFA*",
|
"iam:ListMFA*",
|
||||||
@ -46,7 +46,14 @@ data "aws_iam_policy_document" "user-policy" {
|
|||||||
]
|
]
|
||||||
|
|
||||||
effect = "Allow"
|
effect = "Allow"
|
||||||
resources = ["arn:aws:iam::account-id:user/${var.iam-user-name}"]
|
resources = ["arn:aws:iam::*:user/$${aws:username}"]
|
||||||
|
}
|
||||||
|
|
||||||
|
statement {
|
||||||
|
sid = "GetPasswordPolicy"
|
||||||
|
actions = ["iam:GetAccountPasswordPolicy"]
|
||||||
|
effect = "Allow"
|
||||||
|
resources = ["*"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -68,12 +75,12 @@ resource "aws_iam_user_login_profile" "iam-user-profile" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_user_login_profile" "iam-user-profile-pgp" {
|
resource "aws_iam_user_login_profile" "iam-user-profile-pgp" {
|
||||||
count = var.create-password && var.pgp-key != null ? 1 : 0
|
count = var.create-password && var.pgp-key != null ? 1 : 0
|
||||||
user = aws_iam_user.iam-user.name
|
user = aws_iam_user.iam-user.name
|
||||||
pgp_key = var.pgp-key
|
pgp_key = var.pgp-key
|
||||||
}
|
}
|
||||||
|
|
||||||
resource random_id secrets-random-id {
|
resource "random_id" "secrets-random-id" {
|
||||||
byte_length = 2
|
byte_length = 2
|
||||||
}
|
}
|
||||||
resource "aws_secretsmanager_secret" "secretmanager" {
|
resource "aws_secretsmanager_secret" "secretmanager" {
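Review bot: In the second hunk, the statement's only resource is now the user ARN `arn:aws:iam::*:user/$${aws:username}`, but the actions list on the lines above still includes `iam:CreateVirtualMFADevice`, which (as far as I recall from the IAM action reference) is authorized against the `mfa` resource type rather than `user`, so that action is implicitly denied by this statement; adding `"arn:aws:iam::*:mfa/$${aws:username}"` to `resources` is the usual fix. The `$$` escape for the policy variable is correct for Terraform, but note that `aws:username` is unset for assumed-role and federated sessions, so this policy only works when attached to IAM users; if a caller-identity data source is available in the module, `${data.aws_caller_identity.current.account_id}` would also be tighter than `*` in the account field. Separately, `iam:CreateAccessKey`, `iam:DeleteAccessKey` and `iam:ChangePassword` are granted with no `aws:MultiFactorAuthPresent` condition, so a leaked long-lived key can mint its own replacement; if that is not intended, gate the credential-management actions on MFA and keep the enrollment actions (`CreateVirtualMFADevice`, `EnableMFADevice`, `ListMFA*`) in a separate unconditioned statement so first-time setup still works. The `statement` and `data "aws_iam_policy_document" "user-policy"` blocks begin outside the hunk, so the actions list is only partly visible here.
```hcl
# … unchanged: statement header and actions list above the hunk …
    effect = "Allow"

    resources = [
      "arn:aws:iam::*:user/$${aws:username}",
      # CreateVirtualMFADevice is authorized on the mfa resource type, not user
      "arn:aws:iam::*:mfa/$${aws:username}",
    ]

    # Require an MFA-authenticated session for key/password self-management.
    # Move the MFA-enrollment actions to a separate statement without this
    # condition so first-time enrollment is still possible.
    condition {
      test     = "Bool"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["true"]
    }
# … unchanged: GetPasswordPolicy statement …
```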
|
||||||
|