
iam-user module

Module for creating an IAM user. Credentials, if any, are encrypted with the user's GPG public key. To obtain the GPG public key of a user, run

# Exports the *public* key of key-owner-name (gpg --export never writes secret
# key material). The binary key blob is base64-wrapped, presumably so it can be
# supplied to the module as a plain string variable — verify against variables.tf.
gpg --export key-owner-name | base64

To decrypt the encrypted outputs:

# Each output holds base64-wrapped gpg ciphertext; `tr -d \"` strips the quotes
# that `terraform output` prints around a string value before base64-decoding.
# gpg -d writes the plaintext secret to stdout, i.e. straight to the terminal.
terraform output iam-user-pass  | tr -d \" | base64 -d | gpg -d
terraform output iam-user-secret-key  | tr -d \" | base64 -d | gpg -d

Example

module iam-user {
  source = "../../modules/security_identity_compliance/iam-user"

  # Tags passed through to the module; presumably applied to every resource it
  # creates (confirm in variables.tf).
  default-tags = local.default-tags

  # Identity, inline self-service policy and attached managed policy.
  iam-user-name        = var.iam-user-name
  iam-user-policy-name = "SelfServicePermissions"
  iam-user-policy      = data.aws_iam_policy_document.user-policy.json
  managed-policy-arns  = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]

  # Credential generation is opt-in. Per the README above, generated secrets are
  # gpg-encrypted before they reach the module outputs.
  create-access-key = false
  create-password   = false

  # Optional group the user is placed in.
  create-group   = true
  iam-group-name = var.iam-group-name
}

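data aws_iam_policy_document user-policy {
  # Self-service permissions, scoped to the user's own IAM principal so one
  # user cannot rotate another user's credentials or MFA device.
  statement {
    sid = "ManageOwnCredentials"

    actions = [
      "iam:ChangePassword",
      "iam:CreateAccessKey",
      "iam:DeleteAccessKey",
      # The IAM action is ListAccessKeys (plural); "iam:ListAccessKey" matches no
      # action, so listing keys was silently denied.
      "iam:ListAccessKeys",
      "iam:CreateVirtualMFADevice",
      "iam:EnableMFADevice",
      "iam:ListMFA*",
      "iam:ListVirtualMFA*",
      "iam:ResyncMFADevice"
    ]

    effect = "Allow"

    # "account-id" is a placeholder: substitute the real account id (for example
    # data.aws_caller_identity.current.account_id), otherwise the ARNs match nothing.
    # CreateVirtualMFADevice is authorised against the mfa/ resource rather than
    # the user/ resource, so the user's virtual MFA ARN is listed as well.
    # ListVirtualMFADevices is not resource-scoped; if it is needed it must be
    # granted in a separate statement with resources = ["*"].
    resources = [
      "arn:aws:iam::account-id:user/${var.iam-user-name}",
      "arn:aws:iam::account-id:mfa/${var.iam-user-name}"
    ]
  }
}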

# ARN of the IAM user created by the module call above, re-exported from the
# root module.
output iam-user-arn {
  value = module.iam-user.iam-user-arn
}