UPD: Updated ManageOwnCredentials policy

This commit is contained in:
xpk 2024-03-26 14:37:49 +08:00
parent c830a495a1
commit 7f927fcbdc
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86


@ -10,8 +10,8 @@ resource "aws_iam_access_key" "iam-user-access-key" {
}
resource "aws_iam_access_key" "iam-user-access-key-pgp" {
count = var.create-access-key && var.pgp-key != null ? 1 : 0
user = aws_iam_user.iam-user.name
count = var.create-access-key && var.pgp-key != null ? 1 : 0
user = aws_iam_user.iam-user.name
pgp_key = var.pgp-key
}
@ -37,7 +37,7 @@ data "aws_iam_policy_document" "user-policy" {
"iam:ChangePassword",
"iam:CreateAccessKey",
"iam:DeleteAccessKey",
"iam:ListAccessKey",
"iam:ListAccessKeys",
"iam:CreateVirtualMFADevice",
"iam:EnableMFADevice",
"iam:ListMFA*",
@ -46,7 +46,14 @@ data "aws_iam_policy_document" "user-policy" {
]
effect = "Allow"
resources = ["arn:aws:iam::account-id:user/${var.iam-user-name}"]
resources = ["arn:aws:iam::*:user/$${aws:username}"]
}
statement {
sid = "GetPasswordPolicy"
actions = ["iam:GetAccountPasswordPolicy"]
effect = "Allow"
resources = ["*"]
}
}
@ -68,12 +75,12 @@ resource "aws_iam_user_login_profile" "iam-user-profile" {
}
resource "aws_iam_user_login_profile" "iam-user-profile-pgp" {
count = var.create-password && var.pgp-key != null ? 1 : 0
user = aws_iam_user.iam-user.name
count = var.create-password && var.pgp-key != null ? 1 : 0
user = aws_iam_user.iam-user.name
pgp_key = var.pgp-key
}
resource random_id secrets-random-id {
resource "random_id" "secrets-random-id" {
byte_length = 2
}
resource "aws_secretsmanager_secret" "secretmanager" {