FIX: bug fix on iam-user module

KF 2022-10-19 19:56:39 +08:00
parent bcf760b5b0
commit 9002bbed80
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86


@ -9,12 +9,13 @@ resource "aws_iam_access_key" "iam-user-access-key" {
user = aws_iam_user.iam-user.name user = aws_iam_user.iam-user.name
} }
resource "aws_iam_user_policy" "iam-user-policy" { # need to work on attaching additional user policy
count = var.create-group ? 0 : 1 #resource "aws_iam_user_policy" "iam-user-policy" {
name = var.iam-user-policy-name # count = var.create-group ? 0 : 1
user = aws_iam_user.iam-user.name # name = var.iam-user-policy-name
policy = var.iam-user-policy # user = aws_iam_user.iam-user.name
} # policy = var.iam-user-policy
#}
resource "aws_iam_user_policy" iam-user-selfservice-policy { resource "aws_iam_user_policy" iam-user-selfservice-policy {
name = "SelfServicePermissions" name = "SelfServicePermissions"
@ -84,27 +85,29 @@ resource aws_iam_group iam-group {
resource aws_iam_group_membership new-group-membership { resource aws_iam_group_membership new-group-membership {
count = length(aws_iam_group.iam-group) count = length(aws_iam_group.iam-group)
name = aws_iam_group.iam-group[0].name name = "MembershipToNewGroups"
group = aws_iam_group.iam-group[0].name group = aws_iam_group.iam-group[0].name
users = [aws_iam_user.iam-user.name] users = [aws_iam_user.iam-user.name]
} }
resource aws_iam_group_membership existing-group-membership { resource aws_iam_group_membership existing-group-membership {
count = length(var.add-to-groups) for_each = var.add-to-groups
name = var.add-to-groups[count.index] name = "MembershipToExistingGroups"
group = var.add-to-groups[count.index] group = each.value
users = [aws_iam_user.iam-user.name] users = [aws_iam_user.iam-user.name]
} }
resource "aws_iam_group_policy" "iam-group-policy" { # need to work on attaching additional group policy
count = var.create-group ? 1 : 0 #resource "aws_iam_group_policy" "iam-group-policy" {
name = "SelfServiceAccess" # count = var.create-group ? 1 : 0
group = aws_iam_group.iam-group[0].name # name = "SelfServiceAccess"
policy = var.iam-user-policy # group = aws_iam_group.iam-group[0].name
} # policy = var.iam-user-policy
#}
resource "aws_iam_group_policy_attachment" "iam-group-managed-policies" { resource "aws_iam_group_policy_attachment" "iam-group-managed-policies" {
count = var.create-group ? length(var.managed-policy-arns) : 0 count = var.create-group ? length(var.managed-policy-arns) : 0
group = aws_iam_group.iam-group[0].name group = aws_iam_group.iam-group[0].name
policy_arn = var.managed-policy-arns[count.index] policy_arn = var.managed-policy-arns[count.index]
} }
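Review bot: The `existing-group-membership` resource in the second hunk still uses `aws_iam_group_membership`, which manages a group's member list exclusively, so with `users = [aws_iam_user.iam-user.name]` an apply against a pre-existing group would remove every other member of that group, and two instances of this module pointing at the same group would keep overwriting each other. For groups the module does not own, the non-exclusive `aws_iam_user_group_membership` resource fits better: `user = aws_iam_user.iam-user.name` and `groups = var.add-to-groups`, with no `for_each` needed. If the current resource is kept, `for_each = var.add-to-groups` accepts only a set or map; the variable's type is not visible here, so `toset(var.add-to-groups)` may be required. This reads the right-hand column as the new side, since the page has lost its +/- markers.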