ulfox/terraform-aws-iam

terraform-aws-iam

Terraform module for managing AWS IAM

Generic Example

In the following example we will create:

  • 1 Role
  • 1 Role Policy
  • 1 Policy
  • 1 User
  • 1 User Policy
  • 1 Group
  • 1 Group Policy

In the second example we attach a policy that either already exists or is created in a separate step.

```hcl
module "iam" {
    source  = "github.com/ulfox/terraform-aws-iam.git?ref=v0.0.1"
    region  = "eu-north-1"
    profile = "sres"

    role_name = [
        "someRole",
    ]

    role_description = [
        "someDescription",
    ]

    role_assume_role_policy = [
        {
            "Version" : "2012-10-17",
            "Statement" : [
                {
                    "Effect" : "Allow",
                    "Principal" : {
                        "Service" : [
                            "ec2.amazonaws.com"
                        ]
                    },
                    "Action" : "sts:AssumeRole"
                }
            ]
        },
    ]

    role_tags = [
        {
            "Name" = "someName"
        }
    ]

    role_policy = [
        {
            "Version" : "2012-10-17",
            "Statement" : [
                {
                    "Action" : [
                        "sts:GetCallerIdentity"
                    ],
                    "Resource" : "*",
                    "Effect" : "Allow"
                }
            ]
        }
    ]

    profile_name = ["someProfileName"]

    policy = [
        {
            "Version" : "2012-10-17",
            "Statement" : [
                {
                    "Action" : [
                        "sts:GetCallerIdentity"
                    ],
                    "Resource" : "*",
                    "Effect" : "Allow"
                }
            ]
        },
    ]

    group_name = ["someGroupName"]

    group_policy = [
        {
            "Version" : "2012-10-17",
            "Statement" : [
                {
                    "Action" : [
                        "sts:GetCallerIdentity"
                    ],
                    "Resource" : "*",
                    "Effect" : "Allow"
                }
            ]
        },
    ]

    user_name = ["someUserA"]
    user_path = ["/"]

    user_policy_name = [
        "somePolicyName",
    ]

    user_policy = [
        {
            "Version" : "2012-10-17",
            "Statement" : [
                {
                    "Action" : [
                        "sts:GetCallerIdentity"
                    ],
                    "Resource" : "*",
                    "Effect" : "Allow"
                }
            ]
        },
    ]

    user_group_membership_groups = ["someGroupName"]
}
```

Policy Attachment

Attaching a new managed policy to a role

  • 1 Role Policy Attachment

Note: The policy can also be created and attached to the role in the same module call (see the first example).

```hcl
module "iam_policy_attachment" {
    source  = "github.com/ulfox/terraform-aws-iam.git?ref=v0.0.1"
    region  = "eu-north-1"
    profile = "sres"

    role_policy_attachment_name = [
        module.iam.policy_name[0]
    ]
    role_policy_attachment_role_arn = [
        module.iam.role_arn[0]
    ]
}
```
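The following root module is an added example, not code from the ulfox/terraform-aws-iam README, that wires the two module calls above (the generic example and the policy attachment) into one configuration: `module "iam"` creates two roles and one managed policy, and `module "iam_policy_attachment"` attaches that policy to the second role. It assumes that the list-typed inputs are index-aligned (`role_name[1]` pairs with `role_description[1]` and `role_assume_role_policy[1]`) and that `role_enabled` and `policy_enabled`, listed in Inputs with default `false`, gate creation of those resources; neither assumption is stated on the page. The role names, descriptions and tag values are constructed for the example.

```hcl
# Added example; assumptions are noted in the lead-in and in comments.

locals {
  # One trust policy reused for both roles: only the EC2 service may assume them.
  ec2_trust = {
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = ["ec2.amazonaws.com"] }
      Action    = "sts:AssumeRole"
    }]
  }

  # Managed policy limited to a single read-only STS call. sts:GetCallerIdentity
  # has no resource-level scoping, so "*" is the narrowest Resource it accepts.
  whoami_policy = {
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["sts:GetCallerIdentity"]
      Resource = "*"
    }]
  }
}

module "iam" {
  source  = "github.com/ulfox/terraform-aws-iam.git?ref=v0.0.1"
  region  = "eu-north-1"
  profile = "sres"

  # Assumption: role_enabled / policy_enabled (Inputs, default false) must be
  # set to true for the module to create roles and managed policies.
  role_enabled = true

  # Assumption: entries at the same index across these lists describe one role.
  role_name               = ["appRoleA", "appRoleB"]               # constructed names
  role_description        = ["first application role", "second application role"]
  role_assume_role_policy = [local.ec2_trust, local.ec2_trust]
  role_tags = [
    { Name = "appRoleA", ManagedBy = "terraform" },
    { Name = "appRoleB", ManagedBy = "terraform" },
  ]

  policy_enabled     = true
  policy_name        = ["whoamiPolicy"]                            # constructed name
  policy_description = ["allows sts:GetCallerIdentity only"]
  policy             = [local.whoami_policy]
}

# Attach the managed policy created above to the second role (index 1).
module "iam_policy_attachment" {
  source  = "github.com/ulfox/terraform-aws-iam.git?ref=v0.0.1"
  region  = "eu-north-1"
  profile = "sres"

  role_policy_attachment_name     = [module.iam.policy_name[0]]
  role_policy_attachment_role_arn = [module.iam.role_arn[1]]
}

output "role_arns" {
  description = "ARNs of both roles, in list order"
  value       = module.iam.role_arn
}

output "attached_policy_arn" {
  value = module.iam.policy_arn[0]
}
```

Keeping the policy documents in `locals` means the same trust policy and permission set are declared once and referenced by index, which makes a `terraform plan` diff easy to review: a change to `whoami_policy` shows up in one place rather than in every role, user and group that repeats the JSON inline.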

Requirements

| Name | Version |
|---|---|
| aws | >= 2.28.1 |

Providers

| Name | Version |
|---|---|
| aws | >= 2.28.1 |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| group_name | The group's name | list(string) | [] | no |
| group_name_prefix | Creates a unique name beginning with the specified prefix | list(string) | [] | no |
| group_path | Path in which to create the group | list(string) | [] | no |
| group_policy | The policy document | any | null | no |
| group_policy_attachment_group_arn | The ARN of the policy you want to apply | list(string) | [] | no |
| group_policy_attachment_name | The group the policy should be applied to | list(string) | [] | no |
| group_policy_name | The name of the policy | list(string) | [] | no |
| policy | The policy document | any | null | no |
| policy_description | Description of the IAM policy | list(string) | [] | no |
| policy_enabled | Enable IAM Policy | bool | false | no |
| policy_name | The name of the policy | list(string) | [] | no |
| policy_name_prefix | Creates a unique name beginning with the specified prefix | list(string) | [] | no |
| policy_path | Path in which to create the policy | list(string) | [] | no |
| profile | The AWS profile | string | n/a | yes |
| profile_name | The profile's name | list(string) | [] | no |
| profile_name_prefix | Creates a unique name beginning with the specified prefix | list(string) | [] | no |
| profile_path | Path in which to create the profile | list(string) | [] | no |
| region | The AWS region in which resources are created | string | n/a | yes |
| role_assume_role_policy | The policy that grants an entity permission to assume the role | any | null | no |
| role_description | The description of the role | list(string) | [] | no |
| role_enabled | Enable IAM Role | bool | false | no |
| role_force_detach_policies | Specifies to force detaching any policies the role has before destroying it | list(bool) | [false] | no |
| role_name | The name of the role | list(string) | [] | no |
| role_name_prefix | Creates a unique name beginning with the specified prefix | list(string) | [] | no |
| role_path | The path to the role | list(string) | [] | no |
| role_policy | The inline policy document. This is a JSON formatted string | any | null | no |
| role_policy_attachment_name | The role the policy should be applied to | list(string) | [] | no |
| role_policy_attachment_role_arn | The ARN of the policy you want to apply | list(string) | [] | no |
| role_policy_name | The name of the role policy | list(string) | [] | no |
| role_policy_name_prefix | Creates a unique name beginning with the specified prefix. Conflicts with name. | list(string) | [] | no |
| role_policy_role_name | The IAM role to attach to the policy | list(string) | [] | no |
| role_tags | Key-value map of tags for the IAM role | list(map(string)) | null | no |
| user_force_destroy | When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices | list(bool) | [] | no |
| user_name | The name of the user | list(string) | [] | no |
| user_path | The path to the user | list(string) | [] | no |
| user_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the user | list(string) | [] | no |
| user_policy | The policy document | any | null | no |
| user_policy_attachment_arn | The ARN of the policy you want to apply | list(string) | [] | no |
| user_policy_attachment_name | The user the policy should be applied to | list(string) | [] | no |
| user_policy_id | IAM user to which to attach this policy | list(string) | [] | no |
| user_policy_name | The policy name of the user | list(string) | [] | no |
| user_policy_name_prefix | The policy name prefix of the user | list(string) | [] | no |
| user_tags | Key-value map of tags for the IAM user | list(map(string)) | [] | no |

Outputs

| Name | Description |
|---|---|
| aws_iam_group_policy_arn | The ARN of the policy you want to apply |
| aws_iam_group_policy_attachment | The group the policy should be applied to |
| group_arn | The group ARN |
| group_id | The group id |
| group_name | The group name |
| group_policy | The group to which the policy applies |
| group_policy_document | The policy document |
| group_policy_id | The group policy id |
| group_policy_name | The policy name |
| group_unique_id | The group unique id |
| policy_arn | The policy ARN |
| policy_attachment_id | The policy attachment id |
| policy_attachment_name | The policy attachment name |
| policy_description | The policy description |
| policy_document | The policy document |
| policy_id | The policy id |
| policy_name | The policy name |
| policy_path | The policy path |
| profile_arn | The profile ARN |
| profile_id | The profile id |
| profile_name | The profile name |
| profile_path | The profile path |
| profile_role | The profile role |
| role_arn | The role ARN |
| role_description | The role description |
| role_id | The role id |
| role_name | The role name |
| role_policy_document | The policy document |
| role_policy_id | The policy id |
| role_policy_name | The policy name |
| role_policy_role | The policy role |
| role_unique_id | The role unique id |
| user_arn | The user's ARN |
| user_name | The user's name |
| user_policy_id | The user policy ID, in the form of user_name:user_policy_name |
| user_policy_name | The name of the policy |
| user_unique_id | The user's unique id |