# Service category -> AWS managed policy ARNs attached to the generated IAM user.
# Every entry is a *FullAccess / *Administrator policy, so a user in any category
# is effectively an admin for those services. SecurityIdentityCompliance in
# particular carries IAMFullAccess, which is equivalent to account-wide admin
# (it can grant itself anything); treat that category as a break-glass identity.
# NOTE(review): the default IAM quota is 10 managed policies attached per user
# (adjustable up to 20). SecurityIdentityCompliance and ManagementGovernance are
# already at 10, so adding a policy to either list will fail at apply time.
locals {
  CannedPoliciesByServiceCategory = {
    NetworkingContentDelivery = [
      "arn:aws:iam::aws:policy/NetworkAdministrator",
      "arn:aws:iam::aws:policy/AmazonRoute53FullAccess",
      "arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess",
    ]
    SecurityIdentityCompliance = [
      "arn:aws:iam::aws:policy/IAMFullAccess",
      "arn:aws:iam::aws:policy/SecurityAudit",
      "arn:aws:iam::aws:policy/AWSSecurityHubFullAccess",
      "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess",
      "arn:aws:iam::aws:policy/AmazonInspectorFullAccess",
      "arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator",
      "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess",
      "arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess",
      "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser",
      "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess",
    ]
    ManagementGovernance = [
      "arn:aws:iam::aws:policy/CloudWatchFullAccess",
      "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
      "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess",
      "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess",
      "arn:aws:iam::aws:policy/AmazonSSMFullAccess",
      "arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess",
      "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess",
      "arn:aws:iam::aws:policy/AmazonSQSFullAccess",
      "arn:aws:iam::aws:policy/AmazonSNSFullAccess",
      "arn:aws:iam::aws:policy/AWSCloudFormationFullAccess",
    ]
    Compute = [
      "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
      "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin",
      "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess",
      "arn:aws:iam::aws:policy/AutoScalingFullAccess",
      "arn:aws:iam::aws:policy/AWSImageBuilderFullAccess",
      "arn:aws:iam::aws:policy/AWSBackupFullAccess",
    ]
    Containers = [
      "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess",
      "arn:aws:iam::aws:policy/AmazonECS_FullAccess",
      "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
    ]
    Storage = [
      "arn:aws:iam::aws:policy/AmazonS3FullAccess",
      "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
      "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess",
      "arn:aws:iam::aws:policy/AmazonFSxFullAccess",
      "arn:aws:iam::aws:policy/AmazonGlacierFullAccess",
      "arn:aws:iam::aws:policy/AWSBackupFullAccess",
    ]
    Database = [
      "arn:aws:iam::aws:policy/DatabaseAdministrator",
      "arn:aws:iam::aws:policy/AWSBackupFullAccess",
    ]
    DeveloperTools = [
      "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
      "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess",
      "arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess",
    ]
    Analytics = [
      "arn:aws:iam::aws:policy/AmazonOpenSearchServiceFullAccess",
      "arn:aws:iam::aws:policy/AmazonMSKFullAccess",
      "arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2",
      "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess",
    ]
    MachineLearning = [
      "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
      "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess",
      "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess",
      "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess",
    ]
    Serverless = [
      "arn:aws:iam::aws:policy/AWSLambda_FullAccess",
      "arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk",
      "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator",
      "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess",
      "arn:aws:iam::aws:policy/AmazonSESFullAccess",
      "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin",
    ]
  }
}

# One programmatic IAM user for the requested service category: an access key
# is created (its secret encrypted to var.gpg-key) and no console password.
module "terraform-user" {
  source = "../iam-user"

  # NOTE(review): timestamp() is re-evaluated on every plan, so this name -- and
  # with it the user and its access key -- is replaced on every apply and the
  # plan is never clean. If that churn is not intended as rotation, a stable
  # suffix should be used instead.
  iam-user-name = "${var.user-name}-${formatdate("YYYYMMDD_hhmm", timestamp())}"
  default-tags  = var.default-tags
  pgp-key       = var.gpg-key

  create-access-key = true
  create-password   = false

  # No fallback: an unknown category fails at plan time rather than silently
  # producing a user with no policies.
  managed-policy-arns = local.CannedPoliciesByServiceCategory[var.service-category]
}