README.md

File metadata and controls

108 lines (83 loc) · 4.61 KB

Users

This example creates customer managed IAM policies and several IAM users with differing configurations (groups, policies, access keys, permissions boundary).

Overview

You can define as many users as desired.

  • When using the groups key, respective groups must be defined in var.groups.
  • When using the policies key, respective policies must be defined in var.policies.

Examples

Note: The following example only shows the creation of a single user; you can create as many users as desired. Re-arranging users within the list will not cause Terraform to change or destroy resources, because the module internally stores them in a map keyed by user name rather than in a list (see the module's locals.tf for the transformation).

Users are defined as follows:

terraform.tfvars

users = [
  {
    name     = "username-1"  # Name of the user
    path     = "/path/"      # Defaults to 'var.user_path' if variable is set to null
    groups   = [
      "group-name-1",        # group-name-1 must be defined in var.groups
      "group-name-2",        # group-name-2 must be defined in var.groups
    ]
    access_keys = [          # At most two access keys per user (AWS limit)
      {
        name    = "key-1"
        pgp_key = ""         # Empty: the secret key is stored in plaintext in the Terraform state
        status  = "Inactive"
      },
      {
        name    = "key-2"
        pgp_key = ""         # Set a b64-encoded public key or "keybase:<user>" to store the secret PGP-encrypted instead
        status  = "Active"
      },
    ]
    permissions_boundary = "arn:aws:iam::aws:policy/PowerUserAccess"  # Caps the effective permissions of every policy attached below
    policies   = [
      "policy-name-1",        # policy-name-1 must be defined in var.policies
      "policy-name-2",        # policy-name-2 must be defined in var.policies
    ]
    policy_arns = [           # Attach policies by ARN
      "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
      "arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess",
    ]
    inline_policies = [       # Attach inline policies defined via JSON files
      {
        name = "inline-policy-1"
        file = "data/policies/kms-ro.json"
        vars = {}
      },
      {
        name = "inline-policy-2"
        file = "data/policies/sqs-ro.json.tmpl"
        vars = {  # You can use variables inside JSON files
          var1 = "Some value",
          var2 = "Another value",
        }
      },
    ]
  },
]
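As an added example (not part of this module or repository), the following Python script checks a users definition like the one above before you run terraform plan. It enforces the rules this README states (group and policy names must exist in var.groups and var.policies, at most two access keys, status is Active or Inactive), warns when an access key has no pgp_key (the secret is then stored in plaintext in Terraform state) or a user has no permissions boundary, and renders a *.json.tmpl inline policy the way Terraform's templatefile() treats ${var} references and the $${ escape, so a malformed or mis-substituted policy fails locally. The shape of the locals.tf map transformation, the sample users, the group and policy names, and the template are assumptions or constructed data, not the repository's own files.

```python
"""Consistency checks for the users/groups/policies variables (added example,
not module code). The template handling assumes *.json.tmpl files are rendered
with Terraform's templatefile(); only that subset of its syntax is modelled."""
import json
import re

MAX_ACCESS_KEYS = 2                   # hard AWS limit per IAM user
VALID_STATUS = {"Active", "Inactive"}

# "${name}" is a template variable; "$${" escapes a literal "${", which IAM
# policy variables such as ${aws:username} need inside a templated file.
_REF = re.compile(r"\$\$\{|\$\{([^}]*)\}")
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_-]*\Z")


def render_template(text, vars):
    """Substitute ${var} references; reject unknown or malformed references
    instead of silently passing them through to AWS."""
    def sub(m):
        if m.group(1) is None:        # matched "$${" -> literal "${"
            return "${"
        key = m.group(1)
        if not _IDENT.match(key):
            raise ValueError(f"'${{{key}}}' is not a variable; write $${{{key}}} for a literal")
        if key not in vars:
            raise KeyError(f"template variable '{key}' missing from vars")
        return str(vars[key])
    return _REF.sub(sub, text)


def load_policy(template_text, vars):
    """Render a *.json.tmpl policy and parse it, so bad JSON fails here."""
    return json.loads(render_template(template_text, vars))


def users_by_name(users):
    """Assumed mirror of the locals.tf list-to-map transformation: keyed by
    name, so re-ordering the list changes nothing."""
    return {u["name"]: u for u in users}


def validate_users(users, groups, policies):
    """Return (errors, warnings) for a users list against defined names."""
    errors, warnings = [], []
    seen = set()
    for u in users:
        name = u["name"]
        if name in seen:
            errors.append(f"{name}: duplicate user name (users are keyed by name)")
        seen.add(name)
        for g in u.get("groups", []):
            if g not in groups:
                errors.append(f"{name}: group '{g}' not defined in var.groups")
        for p in u.get("policies", []):
            if p not in policies:
                errors.append(f"{name}: policy '{p}' not defined in var.policies")
        keys = u.get("access_keys", [])
        if len(keys) > MAX_ACCESS_KEYS:
            errors.append(f"{name}: {len(keys)} access keys, AWS allows {MAX_ACCESS_KEYS}")
        for k in keys:
            if k.get("status") not in VALID_STATUS:
                errors.append(f"{name}/{k['name']}: status must be Active or Inactive")
            if not k.get("pgp_key"):
                warnings.append(f"{name}/{k['name']}: no pgp_key, secret will be plaintext in state")
        if not u.get("permissions_boundary"):
            warnings.append(f"{name}: no permissions_boundary set")
    return errors, warnings


# --- constructed sample input (not from the repository) ---------------------
GROUPS = {"group-name-1", "group-name-2"}
POLICIES = {"policy-name-1", "policy-name-2"}
SAMPLE_USERS = [
    {   # the README's user, with key-2 encrypted to a keybase identity
        "name": "username-1",
        "groups": ["group-name-1", "group-name-2"],
        "access_keys": [
            {"name": "key-1", "pgp_key": "", "status": "Inactive"},
            {"name": "key-2", "pgp_key": "keybase:example", "status": "Active"},
        ],
        "permissions_boundary": "arn:aws:iam::aws:policy/PowerUserAccess",
        "policies": ["policy-name-1", "policy-name-2"],
    },
    {   # deliberately faulty: unknown group, bad key status, no boundary
        "name": "username-2",
        "groups": ["group-name-3"],
        "access_keys": [{"name": "key-1", "pgp_key": "", "status": "Enabled"}],
        "permissions_boundary": "",
        "policies": [],
    },
]
# stand-in for data/policies/sqs-ro.json.tmpl: read-only on queues named
# after the calling user (note the $${...} escape for the policy variable)
SQS_RO_TMPL = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["sqs:GetQueueAttributes", "sqs:ReceiveMessage"],
    "Resource": "arn:aws:sqs:${region}:${account_id}:$${aws:username}-*"
  }]
}"""

if __name__ == "__main__":
    errs, warns = validate_users(SAMPLE_USERS, GROUPS, POLICIES)
    print("\n".join(["ERROR " + e for e in errs] + ["WARN  " + w for w in warns]))
    print(load_policy(SQS_RO_TMPL, {"region": "eu-central-1", "account_id": "123456789012"}))
```

Run it against a JSON dump of your tfvars (for example via terraform console or a small HCL-to-JSON conversion) as a pre-commit step; the warnings are the ones worth acting on before a key lands in state, since an access key created without a pgp_key has to be rotated to get it out of the state file again.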

If you want to attach dynamic policies created via aws_iam_policy_document, have a look at the corresponding example in this repository.

Usage

To run this example you need to execute:

$ terraform init
$ terraform plan
$ terraform apply

Note that this example may create resources which cost money. Run terraform destroy when you don't need these resources.

Requirements

No requirements.

Providers

No provider.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| policies | A list of dictionaries defining all policies. | `list(object({...}))` (see below) | `[]` | no |
| users | A list of dictionaries defining all users. | `list(object({...}))` (see below) | `[]` | no |

Type of `policies`:

list(object({
  name = string        # Name of the policy
  path = string        # Defaults to 'var.policy_path' if variable is set to null
  desc = string        # Defaults to 'var.policy_desc' if variable is set to null
  file = string        # Path to json or json.tmpl file of policy
  vars = map(string)   # Policy template variables {key: val, ...}
}))

Type of `users`:

list(object({
  name        = string              # Name of the user
  path        = string              # Defaults to 'var.user_path' if variable is set to null
  groups      = list(string)        # List of group names to add this user to
  access_keys = list(object({
    name    = string                # IaC identifier for first or second IAM access key (not used on AWS)
    pgp_key = string                # Leave empty for none, or provide a b64-encoded pubkey or keybase username
    status  = string                # 'Active' or 'Inactive'
  }))
  permissions_boundary = string     # ARN of a policy used as permissions boundary (or null/empty)
  policies        = list(string)    # List of names of policies (must be defined in var.policies)
  policy_arns     = list(string)    # List of existing policy ARNs
  inline_policies = list(object({
    name = string                   # Name of the inline policy
    file = string                   # Path to json or json.tmpl file of policy
    vars = map(string)              # Policy template variables {key = val, ...}
  }))
}))

Outputs

| Name | Description |
|------|-------------|
| policies | Created customer managed IAM policies |
| users | Created users |