initial commit

iam.user/main.tf

@@ -0,0 +1,67 @@
+module "iam-group" {
+  source = "../../modules/security_identity_compliance/iam-group"
+
+  iam-group-name        = "ViewOnlyUsers001"
+  iam-group-policy      = ""
+  iam-group-policy-name = ""
+  managed-policy-arns   = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
+}
+
+module "iam-group2" {
+  source = "../../modules/security_identity_compliance/iam-group"
+
+  iam-group-name        = "ViewOnlyAndS3Admin001"
+  iam-group-policy      = data.aws_iam_policy_document.user-policy.json
+  iam-group-policy-name = "S3AdminPermissions"
+  managed-policy-arns   = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
+}
+
+module "iam-user1" {
+  source = "../../modules/security_identity_compliance/iam-user"
+
+  iam-user-name       = "JohnNotInGroup"
+  create-access-key   = true
+  create-password     = true
+  managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
+}
+
+module "iam-user2" {
+  source = "../../modules/security_identity_compliance/iam-user"
+
+  iam-user-name        = "PeterInGroup"
+  iam-user-policy      = data.aws_iam_policy_document.user-policy.json
+  iam-user-policy-name = "S3AdminPermissions"
+  create-access-key    = false
+  create-password      = false
+  managed-policy-arns  = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
+  add-to-groups        = [module.iam-group.iam-group-name]
+}
+
+data "aws_iam_policy_document" "user-policy" {
+  statement {
+    sid = "s3admin"
+
+    actions = [
+      "s3:*"
+    ]
+
+    effect    = "Allow"
+    resources = ["*"]
+  }
+}
+
+output "iam-user1-arn" {
+  value = module.iam-user1.iam-user-arn
+}
+
+output "iam-user2-arn" {
+  value = module.iam-user2.iam-user-arn
+}
+
+output "iam-user1-access-key" {
+  value = module.iam-user1.iam-user-access-key
+}
+
+output iam-user1-secret-location {
+  value = module.iam-user1.iam-user-secret-arn
+}

iam.user/terraform.tfvars

@@ -0,0 +1,8 @@
+aws-region          = "ap-southeast-1"
+customer-name       = "ken2026"
+environment         = "dev"
+project             = "iac"
+application         = "terraform"
+costcenter          = "none"
+DynamicAddressGroup = ""
+owner               = "Rackspace"

iam.user/variables.tf

@@ -0,0 +1,21 @@
+variable "aws-region" {}
+variable "customer-name" {}
+variable "environment" {}
+variable "project" {}
+variable "application" {}
+variable "owner" {}
+variable "costcenter" {}
+variable "DynamicAddressGroup" {}
+
+locals {
+  default-tags = {
+    ServiceProvider     = "RackspaceTechnology"
+    Environment         = var.environment
+    Project             = var.project
+    Application         = var.application
+    TerraformMode       = "managed"
+    Owner               = var.owner
+    TerraformDir        = join("/", reverse(slice(reverse(split("/", path.cwd)), 0, 2)))
+  }
+  resource-prefix = "${var.environment}-substr(${var.aws-region},0,2)-${var.customer-name}-${var.project}"
+}