xpk/terraform.examples
SHA256
1
0
Fork 0
Code Pull Requests Activity
Files
2ef2ad1571b972576efb6688608ea41301ec845f6eb65ce3e2fe44a205db9fb6
terraform.examples/modules/security_identity_compliance/iam-user/README.md
T

3.9 KiB
Raw Blame History

Example

module "example" {
  source                   = "../"
  user_name                = "example-user"
  create_group_name        = "example-group"
  create_access_key        = false
  enable_console_access    = true
  custom_iam_policy_json = data.aws_iam_policy_document.ec2-restart.json
  secretsmanager_kms_arn   = "arn:aws:kms:ap-east-1:000011112222:key/0000"
}

data "aws_iam_policy_document" "ec2-restart" {
  statement {
    sid = "StartStopEc2Instances"

    actions = [
      "ec2:StartInstances",
      "ec2:StopInstances",
      "ec2:Describe*"
    ]

    resources = [
      "arn:aws:ec2:ap-east-1:${data.aws_caller_identity.this.account_id}:instance/i-00001",
      "arn:aws:ec2:ap-east-1:${data.aws_caller_identity.this.account_id}:instance/i-00002"
    ]

    effect = "Allow"
  }
}

iam-user module

Creates iam user. If new group will be created for this user, use custom_iam_policy_json to attach iam policy to the group. You can also use attach_iam_policies to attach AWS-managed policies.

Security requirements

IAM policies must be attached to iam group, not directly to iam user. This module requires a new group be created, or an existing group for the user to be added to.

User credentials are saved in secretsmanager, which must be encrypted with CMK

Requirements

No requirements.

Providers

Name Version
aws n/a

Modules

Name Source Version
UserCredentials ../secretsmanager-2025 n/a

Resources

Name Type
aws_iam_access_key.AccessKey resource
aws_iam_group.group resource
aws_iam_group_membership.membership resource
aws_iam_group_policy_attachment.ManagedPolicies resource
aws_iam_group_policy_attachment.policy resource
aws_iam_policy.policy resource
aws_iam_user.user resource
aws_iam_user_login_profile.profile resource
aws_caller_identity.this data source
aws_iam_policy_document.policy data source

Inputs

Name Description Type Default Required
attach_iam_policies Aws-Managed iam policies to be attached list(string) [] no
create_access_key Create access key for user bool n/a yes
create_group_name Name of new group to be created and add user to string null no
custom_iam_policy_json Json encoded aws_iam_policy_document, only applicable when create_group_name is used. string n/a yes
enable_console_access Enable console access bool n/a yes
existing_group_name Name of existing group to add user to string null no
secretsmanager_kms_arn KMS key arn of secretsmanager string n/a yes
user_name Name of IAM user string n/a yes

Outputs

No outputs.

Authorship

This module was developed by Rackspace.

View Git Blame Copy Permalink