# Example IAM setup: two groups and two users built from the shared
# iam-group / iam-user modules.  Every module call receives the same
# local.default-tags and attaches the AWS-managed ViewOnlyAccess
# job-function policy; user2 additionally joins the first group.

# Group with only the managed ViewOnlyAccess policy.  The empty
# iam-group-policy / iam-group-policy-name values presumably tell the
# module to skip creating an inline policy — confirm against the module.
module iam-group {
  source                = "../../modules/security_identity_compliance/iam-group"
  default-tags          = local.default-tags
  iam-group-name        = "ViewOnlyUsers001"
  iam-group-policy      = ""
  iam-group-policy-name = ""
  managed-policy-arns   = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
}

# Group with ViewOnlyAccess plus the inline "S3AdminPermissions" policy
# rendered from data.aws_iam_policy_document.user-policy below.
# NOTE(review): nothing in this file adds a user to this group; it is
# defined but not referenced here.
module iam-group2 {
  source                = "../../modules/security_identity_compliance/iam-group"
  default-tags          = local.default-tags
  iam-group-name        = "ViewOnlyAndS3Admin001"
  iam-group-policy      = data.aws_iam_policy_document.user-policy.json
  iam-group-policy-name = "S3AdminPermissions"
  managed-policy-arns   = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
}

# User that belongs to no group and gets long-lived credentials: an
# access key and a console password are both created.  pgp-key is passed
# so the module can return the secret/password encrypted (see the
# *-pgp outputs at the bottom) — verify the module actually uses it for
# every secret it emits.
module iam-user1 {
  source              = "../../modules/security_identity_compliance/iam-user"
  default-tags        = local.default-tags
  iam-user-name       = "UserNoGroup001"
  create-access-key   = true
  create-password     = true
  pgp-key             = var.pgp-key
  managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
}

# User with no credentials of its own (no key, no password) that carries
# the inline "S3AdminPermissions" policy and is added to the first group.
# Referencing module.iam-group.iam-group-name makes Terraform create the
# group before this user.
module iam-user2 {
  source               = "../../modules/security_identity_compliance/iam-user"
  default-tags         = local.default-tags
  iam-user-name        = "UserInGroup001"
  iam-user-policy      = data.aws_iam_policy_document.user-policy.json
  iam-user-policy-name = "S3AdminPermissions"
  create-access-key    = false
  create-password      = false
  managed-policy-arns  = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
  add-to-groups        = [module.iam-group.iam-group-name]
}

# Inline policy shared by iam-group2 and iam-user2.
# NOTE(review): "s3:*" on resources ["*"] grants every S3 action on every
# bucket in the account, including bucket-policy and public-access
# changes; scope the actions and resource ARNs down if full S3 admin is
# not the intent.
data aws_iam_policy_document user-policy {
  statement {
    sid       = "s3admin"
    actions   = ["s3:*"]
    effect    = "Allow"
    resources = ["*"]
  }
}

output iam-user1-arn {
  value = module.iam-user1.iam-user-arn
}

output iam-user2-arn {
  value = module.iam-user2.iam-user-arn
}

# Access key ID of iam-user1 (the key identifier, not the secret).
output iam-user1-access-key {
  value = module.iam-user1.iam-user-access-key
}

# The remaining outputs carry the *-pgp values the module returns; the
# names indicate they are encrypted to var.pgp-key, so only the holder of
# the matching private key can recover the secret key and password.
output iam-user1-access-key-pgp {
  value = module.iam-user1.iam-user-access-key-pgp
}

output iam-user1-secret-key-pgp {
  value = module.iam-user1.iam-user-secret-key-pgp
}

output iam-user1-pass-pgp {
  value = module.iam-user1.iam-user-pass-pgp
}