terraform.examples/modules/security_identity_compliance/iam-user/example/main.tf

module "example" {
  source                   = "../"
  user_name                = "example-user"
  create_group_name        = "example-group"
  create_access_key        = false
  enable_console_access    = true
  custom_iam_policy_json = data.aws_iam_policy_document.ec2-restart.json
  secretsmanager_kms_arn   = "arn:aws:kms:ap-east-1:000011112222:key/0000"
}

data "aws_iam_policy_document" "ec2-restart" {
  statement {
    sid = "StartStopEc2Instances"

    actions = [
      "ec2:StartInstances",
      "ec2:StopInstances",
      "ec2:Describe*"
    ]

    resources = [
      "arn:aws:ec2:ap-east-1:${data.aws_caller_identity.this.account_id}:instance/i-00001",
      "arn:aws:ec2:ap-east-1:${data.aws_caller_identity.this.account_id}:instance/i-00002"
    ]

    effect = "Allow"
  }
}