initial commit

modules/security_identity_compliance/iam-group/README.md

@@ -0,0 +1,24 @@
+# iam-user module
+Module for creating IAM user. Credentials, if any, will be stored in secretsmanager
+
+## Example
+```terraform
+module iam-user {
+  source = "../../modules/security_identity_compliance/iam-user"
+
+  default-tags    = local.default-tags
+  iam-user-name   = var.iam-user-name
+  iam-user-policy = ""
+  iam-user-policy-name = "SelfServicePermissions"
+  create-access-key = false
+  create-password = false
+  managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
+  create-group = true
+  add-to-groups = []
+  iam-group-name = var.iam-group-name
+}
+
+output iam-user-arn {
+  value = module.iam-user.iam-user-arn
+}
+```

modules/security_identity_compliance/iam-group/main.tf

@@ -0,0 +1,17 @@
+resource "aws_iam_group" "iam-group" {
+  name  = var.iam-group-name
+}
+
+resource "aws_iam_group_policy" "iam-group-policy-new-group" {
+  count  = var.iam-group-policy != "" ? 1 : 0
+  name   = var.iam-group-policy-name
+  group  = aws_iam_group.iam-group.name
+  policy = var.iam-group-policy
+}
+
+resource "aws_iam_group_policy_attachment" "iam-group-managed-policies" {
+  count      = length(var.managed-policy-arns) > 0 ? 1 : 0
+  group      = aws_iam_group.iam-group.name
+  policy_arn = var.managed-policy-arns[count.index]
+}
+

modules/security_identity_compliance/iam-group/outputs.tf

@@ -0,0 +1,7 @@
+output iam-group-name {
+  value = aws_iam_group.iam-group.name
+}
+
+output iam-group-arn {
+  value = aws_iam_group.iam-group.arn
+}

modules/security_identity_compliance/iam-group/variables.tf

@@ -0,0 +1,4 @@
+variable managed-policy-arns {}
+variable iam-group-name {}
+variable iam-group-policy {}
+variable iam-group-policy-name {}

modules/security_identity_compliance/iam-group/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.3.9"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}