NEW: pushing in some old stuff
This commit is contained in:
parent
8096205acf
commit
eb01ee1c4f
@ -0,0 +1,9 @@
|
|||||||
|
terraform {
|
||||||
|
required_version = "~> 1.2.5"
|
||||||
|
required_providers {
|
||||||
|
aws = {
|
||||||
|
source = "hashicorp/aws"
|
||||||
|
version = "~> 3.75.2"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
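--- a/modules/security_identity_compliance/terraform-user/main.tf
+++ b/modules/security_identity_compliance/terraform-user/main.tf
@@ -0,0 +1,96 @@
+module "terraform-user" {
+source = "../iam-user"
+
+create-access-key = true
+create-password = false
+default-tags = var.default-tags
+iam-user-name = "${var.user-name}-${formatdate("YYYYMMDD_hhmm", timestamp())}"
+managed-policy-arns = lookup(local.CannedPoliciesByServiceCategory, var.service-category)
+pgp-key = var.gpg-key
+}
+
+locals {
+CannedPoliciesByServiceCategory = {
+NetworkingContentDelivery = [
+"arn:aws:iam::aws:policy/NetworkAdministrator",
+"arn:aws:iam::aws:policy/AmazonRoute53FullAccess",
+"arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess"
+]
+SecurityIdentityCompliance = [
+"arn:aws:iam::aws:policy/IAMFullAccess",
+"arn:aws:iam::aws:policy/SecurityAudit",
+"arn:aws:iam::aws:policy/AWSSecurityHubFullAccess",
+"arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess",
+"arn:aws:iam::aws:policy/AmazonInspectorFullAccess",
+"arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator",
+"arn:aws:iam::aws:policy/AWSOrganizationsFullAccess",
+"arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess",
+"arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser",
+"arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess"
+]
+ManagementGovernance = [
+"arn:aws:iam::aws:policy/CloudWatchFullAccess",
+"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
+"arn:aws:iam::aws:policy/CloudWatchEventsFullAccess",
+"arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess",
+"arn:aws:iam::aws:policy/AmazonSSMFullAccess",
+"arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess",
+"arn:aws:iam::aws:policy/AWSOrganizationsFullAccess",
+"arn:aws:iam::aws:policy/AmazonSQSFullAccess",
+"arn:aws:iam::aws:policy/AmazonSNSFullAccess",
+"arn:aws:iam::aws:policy/AWSCloudFormationFullAccess"
+]
+Compute = [
+"arn:aws:iam::aws:policy/AmazonEC2FullAccess",
+"arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin",
+"arn:aws:iam::aws:policy/AWSMarketplaceFullAccess",
+"arn:aws:iam::aws:policy/AutoScalingFullAccess",
+"arn:aws:iam::aws:policy/AWSImageBuilderFullAccess",
+"arn:aws:iam::aws:policy/AWSBackupFullAccess"
+]
+Containers = [
+"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess",
+"arn:aws:iam::aws:policy/AmazonECS_FullAccess",
+"arn:aws:iam::aws:policy/AmazonEC2FullAccess"
+]
+Storage = [
+"arn:aws:iam::aws:policy/AmazonS3FullAccess",
+"arn:aws:iam::aws:policy/AmazonEC2FullAccess",
+"arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess",
+"arn:aws:iam::aws:policy/AmazonFSxFullAccess",
+"arn:aws:iam::aws:policy/AmazonGlacierFullAccess",
+"arn:aws:iam::aws:policy/AWSBackupFullAccess"
+]
+Database = [
+"arn:aws:iam::aws:policy/DatabaseAdministrator",
+"arn:aws:iam::aws:policy/AWSBackupFullAccess"
+]
+DeveloperTools = [
+"arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
+"arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess",
+"arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess"
+]
+Analytics = [
+"arn:aws:iam::aws:policy/AmazonOpenSearchServiceFullAccess",
+"arn:aws:iam::aws:policy/AmazonMSKFullAccess",
+"arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2",
+"arn:aws:iam::aws:policy/AmazonRedshiftFullAccess"
+]
+MachineLearning = [
+"arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
+"arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess",
+"arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess",
+"arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess"
+]
+Serverless = [
+"arn:aws:iam::aws:policy/AWSLambda_FullAccess",
+"arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk",
+"arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator",
+"arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess",
+"arn:aws:iam::aws:policy/AmazonSESFullAccess",
+"arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin"
+]
+}
+
+
+}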
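Review bot: `iam-user-name = "${var.user-name}-${formatdate("YYYYMMDD_hhmm", timestamp())}"` in the module block makes the user name depend on `timestamp()`, which is re-evaluated on every plan, so the configuration never converges: every apply after the first proposes a new name for the user and, because `create-access-key = true`, likely a re-issued access key (the exact effect depends on how `../iam-user` uses the name, which is outside this diff). Prefer a caller-supplied, stable suffix, e.g. `iam-user-name = "${var.user-name}-${var.name-suffix}"`, or drop the date entirely. Separately, the `SecurityIdentityCompliance` entry of `local.CannedPoliciesByServiceCategory` grants `IAMFullAccess`, which lets the created user attach any policy to itself and so is equivalent to full administrative access; a permissions boundary on the user, or a narrower policy, would keep the per-category split meaningful. `lookup(local.CannedPoliciesByServiceCategory, var.service-category)` has no default, which is the right fail-closed behaviour for an unknown category, but deserves a comment such as `# no lookup default on purpose: an unknown service-category must fail the plan rather than create a user with no policies` so it is not "fixed" later.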
@ -0,0 +1,6 @@
|
|||||||
|
output keys {
|
||||||
|
value = {
|
||||||
|
access-key = module.terraform-user.iam-user-access-key-pgp
|
||||||
|
secret-key = module.terraform-user.iam-user-secret-key-pgp
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,9 @@
|
|||||||
|
terraform {
|
||||||
|
required_version = ">= 1.3.0"
|
||||||
|
required_providers {
|
||||||
|
aws = {
|
||||||
|
source = "hashicorp/aws"
|
||||||
|
version = ">= 4.40"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,7 @@
|
|||||||
|
variable default-tags {}
|
||||||
|
variable user-name {
|
||||||
|
type = string
|
||||||
|
default = "terraform-role"
|
||||||
|
}
|
||||||
|
variable service-category {}
|
||||||
|
variable gpg-key {}
|