xpk/terraform.examples
SHA256
1
0
Fork 0
Code Pull Requests Activity

initial commit

Browse Source
This commit is contained in:
xpk
2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security_identity_compliance/terraform-user/main.tf
+96
View File
@@ -0,0 +1,96 @@
module "terraform-user" {
source = "../iam-user"
create-access-key = true
create-password = false
default-tags = var.default-tags
iam-user-name = "${var.user-name}-${formatdate("YYYYMMDD_hhmm", timestamp())}"
managed-policy-arns = lookup(local.CannedPoliciesByServiceCategory, var.service-category)
pgp-key = var.gpg-key
}
locals {
CannedPoliciesByServiceCategory = {
NetworkingContentDelivery = [
"arn:aws:iam::aws:policy/NetworkAdministrator",
"arn:aws:iam::aws:policy/AmazonRoute53FullAccess",
"arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess"
]
SecurityIdentityCompliance = [
"arn:aws:iam::aws:policy/IAMFullAccess",
"arn:aws:iam::aws:policy/SecurityAudit",
"arn:aws:iam::aws:policy/AWSSecurityHubFullAccess",
"arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess",
"arn:aws:iam::aws:policy/AmazonInspectorFullAccess",
"arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator",
"arn:aws:iam::aws:policy/AWSOrganizationsFullAccess",
"arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess",
"arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser",
"arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess"
]
ManagementGovernance = [
"arn:aws:iam::aws:policy/CloudWatchFullAccess",
"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
"arn:aws:iam::aws:policy/CloudWatchEventsFullAccess",
"arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess",
"arn:aws:iam::aws:policy/AmazonSSMFullAccess",
"arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess",
"arn:aws:iam::aws:policy/AWSOrganizationsFullAccess",
"arn:aws:iam::aws:policy/AmazonSQSFullAccess",
"arn:aws:iam::aws:policy/AmazonSNSFullAccess",
"arn:aws:iam::aws:policy/AWSCloudFormationFullAccess"
]
Compute = [
"arn:aws:iam::aws:policy/AmazonEC2FullAccess",
"arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin",
"arn:aws:iam::aws:policy/AWSMarketplaceFullAccess",
"arn:aws:iam::aws:policy/AutoScalingFullAccess",
"arn:aws:iam::aws:policy/AWSImageBuilderFullAccess",
"arn:aws:iam::aws:policy/AWSBackupFullAccess"
]
Containers = [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess",
"arn:aws:iam::aws:policy/AmazonECS_FullAccess",
"arn:aws:iam::aws:policy/AmazonEC2FullAccess"
]
Storage = [
"arn:aws:iam::aws:policy/AmazonS3FullAccess",
"arn:aws:iam::aws:policy/AmazonEC2FullAccess",
"arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess",
"arn:aws:iam::aws:policy/AmazonFSxFullAccess",
"arn:aws:iam::aws:policy/AmazonGlacierFullAccess",
"arn:aws:iam::aws:policy/AWSBackupFullAccess"
]
Database = [
"arn:aws:iam::aws:policy/DatabaseAdministrator",
"arn:aws:iam::aws:policy/AWSBackupFullAccess"
]
DeveloperTools = [
"arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
"arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess",
"arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess"
]
Analytics = [
"arn:aws:iam::aws:policy/AmazonOpenSearchServiceFullAccess",
"arn:aws:iam::aws:policy/AmazonMSKFullAccess",
"arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2",
"arn:aws:iam::aws:policy/AmazonRedshiftFullAccess"
]
MachineLearning = [
"arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
"arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess",
"arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess",
"arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess"
]
Serverless = [
"arn:aws:iam::aws:policy/AWSLambda_FullAccess",
"arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk",
"arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator",
"arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess",
"arn:aws:iam::aws:policy/AmazonSESFullAccess",
"arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin"
]
}
}