terraform.aws-baseline-infra/examples/iam.user/main.tf

# Read-only group: no inline policy, only the AWS-managed ViewOnlyAccess
# job-function policy. Empty strings for the inline policy arguments tell
# the module to skip creating one (presumably — the module's handling of ""
# is not visible here, so confirm against its variables.tf).
module "iam-group" {
  source = "../../modules/security_identity_compliance/iam-group"

  iam-group-name        = "ViewOnlyUsers001"
  iam-group-policy      = ""
  iam-group-policy-name = ""
  managed-policy-arns = [
    "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
  ]

  default-tags = local.default-tags
}
# Group that combines read-only access with the inline S3 policy rendered
# from data.aws_iam_policy_document.user-policy below. Anyone placed in this
# group inherits full s3:* on every bucket that policy grants, so membership
# should be treated as a privileged assignment.
module "iam-group2" {
  source = "../../modules/security_identity_compliance/iam-group"

  iam-group-name        = "ViewOnlyAndS3Admin001"
  iam-group-policy-name = "S3AdminPermissions"
  iam-group-policy      = data.aws_iam_policy_document.user-policy.json
  managed-policy-arns = [
    "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
  ]

  default-tags = local.default-tags
}
# Stand-alone user (no group membership) that gets BOTH a programmatic access
# key and a console password. Both are long-lived credentials; in a real
# deployment create only the one the user actually needs, and prefer
# role/SSO federation where possible. var.pgp-key is passed so the secret
# key and password are emitted PGP-encrypted rather than in clear text
# (see the *-pgp outputs at the bottom of this file) — whether the module
# also avoids storing the plaintext in state depends on its internals,
# which are not visible here.
module "iam-user1" {
  source = "../../modules/security_identity_compliance/iam-user"

  iam-user-name = "UserNoGroup001"
  managed-policy-arns = [
    "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
  ]

  # Credential material
  create-access-key = true
  create-password   = true
  pgp-key           = var.pgp-key

  default-tags = local.default-tags
}
# User with no credentials of its own (no access key, no password) that is
# added to the ViewOnlyUsers001 group. It also carries the S3 admin policy
# inline and ViewOnlyAccess attached directly, so its effective permissions
# are a superset of the group's; the direct ViewOnlyAccess attachment is
# redundant with the group membership.
module "iam-user2" {
  source = "../../modules/security_identity_compliance/iam-user"

  iam-user-name        = "UserInGroup001"
  iam-user-policy-name = "S3AdminPermissions"
  iam-user-policy      = data.aws_iam_policy_document.user-policy.json
  managed-policy-arns = [
    "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
  ]
  add-to-groups = [module.iam-group.iam-group-name]

  # No long-lived credentials for this user
  create-access-key = false
  create-password   = false

  default-tags = local.default-tags
}
# Inline policy shared by iam-group2 and iam-user2.
#
# WARNING: this grants every S3 action on every resource in the account
# ("s3:*" on "*"), including bucket deletion and bucket-policy changes. It is
# fine for an example but should be scoped to explicit bucket ARNs (and, if
# possible, a narrower action list) before being used as a baseline.
data "aws_iam_policy_document" "user-policy" {
  statement {
    sid    = "s3admin"
    effect = "Allow"

    actions   = ["s3:*"]
    resources = ["*"]
  }
}
# ARN of the stand-alone user (UserNoGroup001).
output "iam-user1-arn" {
  value = module.iam-user1.iam-user-arn
}
# ARN of the group-member user (UserInGroup001).
output "iam-user2-arn" {
  value = module.iam-user2.iam-user-arn
}
# Access key *ID* for iam-user1. The key ID is an identifier, not a secret;
# the secret half is only exposed PGP-encrypted (iam-user1-secret-key-pgp).
output "iam-user1-access-key" {
  value = module.iam-user1.iam-user-access-key
}
# PGP-encrypted form of iam-user1's access key, as returned by the module
# when var.pgp-key is supplied. Decrypt with the private half of that key.
output "iam-user1-access-key-pgp" {
  value = module.iam-user1.iam-user-access-key-pgp
}
# PGP-encrypted secret access key for iam-user1. Only the holder of the
# private key matching var.pgp-key can recover it; do not decrypt it into
# a location (CI logs, tfvars, wikis) that is itself unprotected.
output "iam-user1-secret-key-pgp" {
  value = module.iam-user1.iam-user-secret-key-pgp
}
# PGP-encrypted initial console password for iam-user1. Hand it to the user
# out of band and have them rotate it on first login — whether the module
# sets password_reset_required is not visible from this example.
output "iam-user1-pass-pgp" {
  value = module.iam-user1.iam-user-pass-pgp
}