## Example

```hcl
module "example" {
  source                 = "../"
  user_name              = "example-user"
  create_group_name      = "example-group"
  create_access_key      = false
  enable_console_access  = true
  custom_iam_policy_json = data.aws_iam_policy_document.ec2-restart.json
  secretsmanager_kms_arn = "arn:aws:kms:ap-east-1:000011112222:key/0000"
}

# Account ID of the calling identity, used to build the instance ARNs below.
data "aws_caller_identity" "this" {}

# Policy attached to the new group: start/stop limited to two named instances.
data "aws_iam_policy_document" "ec2-restart" {
  statement {
    sid = "StartStopEc2Instances"
    # Note: ec2:Describe* actions do not support resource-level permissions,
    # so they only take effect in a statement with resources = ["*"].
    actions = [
      "ec2:StartInstances",
      "ec2:StopInstances",
      "ec2:Describe*"
    ]
    resources = [
      "arn:aws:ec2:ap-east-1:${data.aws_caller_identity.this.account_id}:instance/i-00001",
      "arn:aws:ec2:ap-east-1:${data.aws_caller_identity.this.account_id}:instance/i-00002"
    ]
    effect = "Allow"
  }
}
```

# iam-user module

Creates an IAM user. If a new group is created for this user, use custom\_iam\_policy\_json to attach an IAM policy to the group. You can also use attach\_iam\_policies to attach AWS-managed policies.

## Security requirements

- IAM policies must be attached to an IAM group, not directly to the IAM user.
- This module requires either that a new group be created or that the user be added to an existing group.
- User credentials are saved in Secrets Manager, which must be encrypted with a customer managed key (CMK).

## Requirements

No requirements.

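One way to check a Terraform plan against the security requirements above (policies attached to groups only, Secrets Manager secrets encrypted with a CMK). This is an added example, not part of the module; the resource addresses in the sample plan are constructed, and the input is assumed to be the JSON produced by `terraform show -json`.

```python
# Resource types that bind a policy straight to a user instead of a group.
USER_POLICY_TYPES = {"aws_iam_user_policy", "aws_iam_user_policy_attachment"}
# Alias of the AWS managed key Secrets Manager uses when no key is given.
AWS_MANAGED_ALIAS = "alias/aws/secretsmanager"


def check_plan(plan: dict) -> list:
    """Return one finding per planned resource that breaks a requirement."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if not ({"create", "update"} & set(change.get("actions", []))):
            continue  # skip no-op, read and delete entries
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        if rc["type"] in USER_POLICY_TYPES:
            findings.append(f"{rc['address']}: policy attached directly to a user")
        elif rc["type"] == "aws_secretsmanager_secret":
            if unknown.get("kms_key_id") is True:
                continue  # key is only known after apply; the plan cannot show it
            key = after.get("kms_key_id")
            if not key:
                findings.append(f"{rc['address']}: no KMS key set, AWS managed key would be used")
            elif key.endswith(AWS_MANAGED_ALIAS):
                findings.append(f"{rc['address']}: uses the AWS managed key, not a CMK")
    return findings


# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_iam_group_policy_attachment.ok", "type": "aws_iam_group_policy_attachment",
     "change": {"actions": ["create"], "after": {"group": "example-group"}, "after_unknown": {}}},
    {"address": "aws_iam_user_policy_attachment.direct", "type": "aws_iam_user_policy_attachment",
     "change": {"actions": ["create"], "after": {"user": "example-user"}, "after_unknown": {}}},
    {"address": "aws_secretsmanager_secret.default_key", "type": "aws_secretsmanager_secret",
     "change": {"actions": ["create"], "after": {"kms_key_id": None}, "after_unknown": {}}},
    {"address": "aws_secretsmanager_secret.cmk", "type": "aws_secretsmanager_secret",
     "change": {"actions": ["create"],
                "after": {"kms_key_id": "arn:aws:kms:ap-east-1:000011112222:key/0000"},
                "after_unknown": {}}},
    {"address": "aws_secretsmanager_secret.computed", "type": "aws_secretsmanager_secret",
     "change": {"actions": ["create"], "after": {}, "after_unknown": {"kms_key_id": True}}},
]}

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print(finding)
```
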
## Providers

| Name | Version |
| ---- | ------- |
| aws | n/a |

## Modules

| Name | Source | Version |
| ---- | ------ | ------- |
| UserCredentials | ../secretsmanager-2025 | n/a |

## Resources

| Name | Type |
| ---- | ---- |
| [aws_iam_access_key.AccessKey](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
| [aws_iam_group.group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group) | resource |
| [aws_iam_group_membership.membership](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_membership) | resource |
| [aws_iam_group_policy_attachment.ManagedPolicies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
| [aws_iam_group_policy_attachment.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
| [aws_iam_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_user.user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
| [aws_iam_user_login_profile.profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_login_profile) | resource |
| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

## Inputs

| Name | Description | Type | Default | Required |
| ---- | ----------- | ---- | ------- | :------: |
| attach\_iam\_policies | Aws-Managed iam policies to be attached | `list(string)` | `[]` | no |
| create\_access\_key | Create access key for user | `bool` | n/a | yes |
| create\_group\_name | Name of new group to be created and add user to | `string` | `null` | no |
| custom\_iam\_policy\_json | Json encoded aws\_iam\_policy\_document, only applicable when create\_group\_name is used. | `string` | n/a | yes |
| enable\_console\_access | Enable console access | `bool` | n/a | yes |
| existing\_group\_name | Name of existing group to add user to | `string` | `null` | no |
| secretsmanager\_kms\_arn | KMS key arn of secretsmanager | `string` | n/a | yes |
| user\_name | Name of IAM user | `string` | n/a | yes |

## Outputs

No outputs.

---

## Authorship

This module was developed by Rackspace.