From eea73dc11020315fed68cf9081a040739a2a0fb6 Mon Sep 17 00:00:00 2001
From: KF
Date: Mon, 17 Oct 2022 13:18:59 +0800
Subject: [PATCH] NEW: Process credentials with gpg
---
 examples/iam.user.gpg/main.tf | 51 ++++++++++++++++++++++++++
 examples/iam.user.gpg/terraform.tfvars | 44 ++++++++++++++++++++++
 examples/iam.user.gpg/variables.tf | 28 ++++++++++++++
 3 files changed, 123 insertions(+)
 create mode 100644 examples/iam.user.gpg/main.tf
 create mode 100644 examples/iam.user.gpg/terraform.tfvars
 create mode 100644 examples/iam.user.gpg/variables.tf
diff --git a/examples/iam.user.gpg/main.tf b/examples/iam.user.gpg/main.tf
new file mode 100644
index 0000000..fc0a4cc
--- /dev/null
+++ b/examples/iam.user.gpg/main.tf
@@ -0,0 +1,51 @@
+module iam-user {
+ source = "../../modules/security_identity_compliance/iam-user-gpg"
+
+ default-tags = local.default-tags
+ iam-user-name = var.iam-user-name
+ iam-user-policy = data.aws_iam_policy_document.user-policy.json
+ iam-user-policy-name = "SelfServicePermissions"
+ create-access-key = false
+ create-password = true
+ managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
+ create-group = true
+ iam-group-name = var.iam-group-name
+ pgp-key = var.pgp-key
+}
+
+data aws_iam_policy_document user-policy {
+ statement {
+ sid = "ManageOwnCredentials"
+
+ actions = [
+ "iam:ChangePassword",
+ "iam:CreateAccessKey",
+ "iam:DeleteAccessKey",
+ "iam:ListAccessKey",
+ "iam:CreateVirtualMFADevice",
+ "iam:EnableMFADevice",
+ "iam:ListMFA*",
+ "iam:ListVirtualMFA*",
+ "iam:ResyncMFADevice"
+ ]
+
+ effect = "Allow"
+ resources = ["arn:aws:iam::account-id:user/${var.iam-user-name}"]
+ }
+}
+
+output iam-user-arn {
+ value = module.iam-user.iam-user-arn
+}
+
+output iam-user-pass {
+ value = module.iam-user.iam-user-pass
+}
+
+output iam-user-access-key {
+ value = module.iam-user.iam-user-access-key
+}
+
+output iam-user-secret-key {
+ value = module.iam-user.iam-user-secret-key
+}
\ No newline at end of file
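Review bot: The self-service policy's `resources` ARN is built with the literal placeholder `account-id`, so it never matches the real user ARN and the ManageOwnCredentials statement grants nothing; resolve it from the current account instead, e.g. add `data "aws_caller_identity" "current" {}` and use `resources = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:user/${var.iam-user-name}"]`. `iam:ListAccessKey` is not an IAM action name (the API is `iam:ListAccessKeys`), so that entry stays inert even once the ARN is fixed. The `iam-user-pass` and `iam-user-secret-key` outputs should also carry `sensitive = true`; the module presumably returns PGP-encrypted values given `pgp-key` is passed in (cannot confirm from this hunk), but marking them keeps them out of plan/apply output and recent Terraform versions require it when the module's own outputs are sensitive. Note that with `create-access-key = false` the user can still mint long-lived keys via `iam:CreateAccessKey`; if that is not intended, drop the action or gate the statement with an `aws:MultiFactorAuthPresent` condition.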
diff --git a/examples/iam.user.gpg/terraform.tfvars b/examples/iam.user.gpg/terraform.tfvars
new file mode 100644
index 0000000..9e681df
--- /dev/null
+++ b/examples/iam.user.gpg/terraform.tfvars
@@ -0,0 +1,44 @@
+aws-region = "ap-southeast-1"
+customer-name = "ken2026"
+environment = "dev"
+project = "iac"
+application = "terraform"
+costcenter = "none"
+DynamicAddressGroup = ""
+owner = "Rackspace"
+
+iam-user-name = "TestUser1017"
+iam-group-name = "TestGroup1017"
+pgp-key = <