├── .deepsource.toml ├── .github ├── CODEOWNERS ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml └── workflows │ ├── auto_assignee.yml │ ├── automerge.yml │ ├── changelog.yml │ ├── readme.yml │ ├── tf-checks.yml │ ├── tflint.yml │ └── tfsec.yml ├── .gitignore ├── .pre-commit-config.yaml ├── CHANGELOG.md ├── LICENSE ├── Makefile ├── README.md ├── README.yaml ├── docs └── io.md ├── examples ├── example.tf ├── outputs.tf └── versions.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf /.deepsource.toml: -------------------------------------------------------------------------------- 1 | version = 1 2 | 3 | [[analyzers]] 4 | name = "terraform" 5 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # These owners will be the default owners for everything in the repo. 2 | * @anmolnagpal @clouddrove/approvers @clouddrove-ci 3 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## what 2 | * Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) 3 | * Use bullet points to be concise and to the point. 4 | 5 | ## why 6 | * Provide the justifications for the changes (e.g. business case). 7 | * Describe why these changes were made (e.g. why do these commits fix the problem?) 8 | * Use bullet points to be concise and to the point. 9 | 10 | ## references 11 | * Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow). 12 | * Use `closes #123`, if this PR closes a Jira issue `#123` 13 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 3 | # Please see the documentation for all configuration options: 4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | 6 | version: 2 7 | updates: 8 | - package-ecosystem: "terraform" # See documentation for possible values 9 | directory: "/" # Location of package manifests 10 | schedule: 11 | interval: "weekly" 12 | # Add assignees 13 | assignees: 14 | - "clouddrove-ci" 15 | # Add reviewer 16 | reviewers: 17 | - "approvers" 18 | - package-ecosystem: "terraform" # See documentation for possible values 19 | directory: "examples/" # Location of package manifests 20 | schedule: 21 | interval: "weekly" 22 | # Add assignees 23 | assignees: 24 | - "clouddrove-ci" 25 | # Add reviewer 26 | reviewers: 27 | - "approvers" 28 | -------------------------------------------------------------------------------- /.github/workflows/auto_assignee.yml: -------------------------------------------------------------------------------- 1 | name: Auto Assign PRs 2 | 3 | on: 4 | pull_request: 5 | types: [opened, reopened] 6 | 7 | workflow_dispatch: 8 | jobs: 9 | assignee: 10 | uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master 11 | secrets: 12 | GITHUB: ${{ secrets.GITHUB }} 13 | with: 14 | assignees: 'clouddrove-ci' 15 | -------------------------------------------------------------------------------- /.github/workflows/automerge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Auto merge 3 | on: 4 | pull_request: 5 | jobs: 6 | auto-merge: 7 | uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master 8 | secrets: 9 | GITHUB: ${{ secrets.GITHUB }} 10 | with: 11 | tfcheck: 'examples / Check code format' 12 | ... 13 | -------------------------------------------------------------------------------- /.github/workflows/changelog.yml: -------------------------------------------------------------------------------- 1 | name: changelog 2 | permissions: write-all 3 | on: 4 | push: 5 | tags: 6 | - "*" 7 | workflow_dispatch: 8 | jobs: 9 | changelog: 10 | uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master 11 | secrets: inherit 12 | with: 13 | branch: 'master' 14 | -------------------------------------------------------------------------------- /.github/workflows/readme.yml: -------------------------------------------------------------------------------- 1 | name: Readme Workflow 2 | on: 3 | push: 4 | branches: 5 | - master 6 | paths-ignore: 7 | - 'README.md' 8 | - 'docs/**' 9 | workflow_dispatch: 10 | jobs: 11 | README: 12 | uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@master 13 | secrets: 14 | TOKEN : ${{ secrets.GITHUB }} 15 | SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} -------------------------------------------------------------------------------- /.github/workflows/tf-checks.yml: -------------------------------------------------------------------------------- 1 | name: tf-checks 2 | on: 3 | push: 4 | branches: [ master ] 5 | pull_request: 6 | workflow_dispatch: 7 | jobs: 8 | _example: 9 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master 10 | with: 11 | working_directory: './examples/' 12 | 13 | -------------------------------------------------------------------------------- /.github/workflows/tflint.yml: -------------------------------------------------------------------------------- 1 | name: tf-lint 2 | on: 3 | push: 4 | branches: [ master ] 5 | pull_request: 6 | workflow_dispatch: 7 | jobs: 8 | tf-lint: 9 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master 10 | secrets: 11 | GITHUB: ${{ secrets.GITHUB }} 12 | -------------------------------------------------------------------------------- /.github/workflows/tfsec.yml: -------------------------------------------------------------------------------- 1 | name: tfsec 2 | permissions: write-all 3 | on: 4 | pull_request: 5 | workflow_dispatch: 6 | jobs: 7 | tfsec: 8 | uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master 9 | secrets: inherit 10 | with: 11 | working_directory: '.' 12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # ignored files 2 | *.tfstate 3 | *.tfstate.backup 4 | .terraform 5 | .idea 6 | *.iml 7 | *.terraform.lock.hcl 8 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | 3 | - repo: https://github.com/gruntwork-io/pre-commit 4 | rev: v0.1.12 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases 5 | hooks: 6 | - id: terraform-fmt 7 | - id: shellcheck 8 | 9 | - repo: git://github.com/pre-commit/pre-commit-hooks 10 | rev: v3.4.0 # Use the ref you want to point at 11 | hooks: 12 | - id: end-of-file-fixer 13 | - id: trailing-whitespace 14 | - id: mixed-line-ending 15 | - id: check-byte-order-marker 16 | - id: check-executables-have-shebangs 17 | - id: check-merge-conflict 18 | - id: debug-statements 19 | - id: check-yaml 20 | - id: check-added-large-files 21 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | All notable changes to this project will be documented in this file. 3 | 4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 6 | 7 | ## [1.3.0] - 2023-01-19 8 | ### :bug: Bug Fixes 9 | - [`67f7c3c`](https://github.com/clouddrove/terraform-aws-iam-user/commit/67f7c3c577ca80576da6cb32786a28b96454d0f7) - use terraform letast version. 10 | 11 | ## [1.0.1] - 2022-04-06 12 | 13 | ## [0.12.2.1] - 2021-09-06 14 | 15 | 16 | ## [0.15.0] - 2021-06-18 17 | ### :bug: Bug Fixes 18 | - [`3dda746`](https://github.com/clouddrove/terraform-aws-iam-user/commit/3dda746fe16a16a20cce444d1487400e5dbcf330) - update github-action 19 | 20 | 21 | ## [0.14.1] - 2021-04-14 22 | ### :bug: Bug Fixes 23 | - [`973df32`](https://github.com/clouddrove/terraform-aws-iam-user/commit/973df32f865857ada7354c70daef2cf56e1a9c09) - update in 0.15 24 | 25 | ## [0.14.0] - 2021-01-19 26 | ### :bug: Bug Fixes 27 | - [`b868631`](https://github.com/clouddrove/terraform-aws-iam-user/commit/b868631a292b3e810d6288cafedb5360cdffdd4f) - fix static variable 28 | - [`6c62667`](https://github.com/clouddrove/terraform-aws-iam-user/commit/6c6266790a49a56cceacc8e33928507c684625e7) - aws_secrt_encrypted 29 | 30 | 31 | ## [0.13.0] - 2020-10-28 32 | ### :bug: Bug Fixes 33 | - [`578b776`](https://github.com/clouddrove/terraform-aws-iam-user/commit/578b776ef96b9dc08b83e5fc3ff085c7561e67eb) - Upgrade to 0.14 34 | - [`f11932b`](https://github.com/clouddrove/terraform-aws-iam-user/commit/f11932bdbd7a8f4c3dee09a0ad6e28b211eb9687) - change tag name in main.tf 35 | - [`1a1bbed`](https://github.com/clouddrove/terraform-aws-iam-user/commit/1a1bbeddc5117908da062e03eec44f00532b0714) - upgrade terraform version 0.14 36 | 37 | 38 | ## [0.12.4] - 2020-01-15 39 | ### :bug: Bug Fixes 40 | - [`e1d1869`](https://github.com/clouddrove/terraform-aws-iam-user/commit/e1d1869c0158e62dd83f1a859f6635a6668b1e1c) - upgrade terraform version to 0.13.0 and add pipelines 41 | 42 | 43 | ## [0.12.3] - 2020-05-24 44 | ### :bug: Bug Fixes 45 | - [`928d8d2`](https://github.com/clouddrove/terraform-aws-iam-user/commit/928d8d23f42da5b5a1fd1db5e5ff0f2c9dec7ff9) - change function to attach policy 46 | 47 | 48 | ## [0.12.2] - 2020-03-30 49 | ### :bug: Bug Fixes 50 | - [`e6b5429`](https://github.com/clouddrove/terraform-aws-iam-user/commit/e6b54293db6837f23f5b9c72811feb431903d773) - fix teratest 51 | - [`145570e`](https://github.com/clouddrove/terraform-aws-iam-user/commit/145570e7013cb66bb38d7179aee2c9a7d2949071) - Add unique_id to the outputs 52 | 53 | 54 | ## [0.12.1] - 2020-01-29 55 | ### :bug: Bug Fixes 56 | - [`9450b35`](https://github.com/clouddrove/terraform-aws-iam-user/commit/9450b35ac7e08c9d3f64361391a2dd5966db12f7) - fix labels managedby variables 57 | 58 | 59 | ## [v0.12.0] - 2019-09-19 60 | ### :bug: Bug Fixes 61 | - [`b96abe8`](https://github.com/clouddrove/terraform-aws-iam-user/commit/b96abe8292e1bd6f335edaf18743258d64409999) - update module with policy arn 62 | 63 | 64 | [0.12.0]: https://github.com/clouddrove/terraform-aws-iam-user/compare/0.12.0...master 65 | [0.12.1]: https://github.com/clouddrove/terraform-aws-iam-user/compare/0.12.0...0.12.1 66 | [0.12.2]: https://github.com/clouddrove/terraform-aws-iam-user/compare/0.12.1...0.12.2 67 | [0.12.3]: https://github.com/clouddrove/terraform-aws-iam-user/compare/0.12.2...0.12.3 68 | [0.12.4]: https://github.com/clouddrove/terraform-aws-iam-user/compare/0.12.3...0.12.4 69 | [0.13.0]: https://github.com/clouddrove/terraform-aws-iam-user/compare/0.12.4...0.13.0 70 | [0.14.0]: https://github.com/clouddrove/terraform-aws-iam-user/compare/0.13.0...0.14.0 71 | [0.14.1]:https://github.com/clouddrove/terraform-aws-iam-user/compare/0.14.0...0.14.1 72 | [0.15.0]: https://github.com/clouddrove/terraform-aws-iam-user/compare/0.14.1...0.15.0 73 | [0.12.2.1]: https://github.com/clouddrove/terraform-aws-iam-user/compare/0.15.0...0.12.2.1 74 | [1.0.1]: https://github.com/clouddrove/terraform-aws-iam-user/compare/0.12.2.1...1.0.1 75 | [1.3.0]: https://github.com/clouddrove/terraform-aws-iam-user/compare/1.0.1...1.3.0 -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2021 CloudDrove Inc. 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | export GENIE_PATH ?= $(shell 'pwd')/../../../genie 2 | 3 | include $(GENIE_PATH)/Makefile 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | [][website] 3 |
8 | With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence. 9 |
10 | 11 | 12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
We are The Cloud Experts!
181 |We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.
183 | 184 | [website]: https://clouddrove.com 185 | [blog]: https://blog.clouddrove.com 186 | [slack]: https://www.launchpass.com/devops-talks 187 | [github]: https://github.com/clouddrove 188 | [linkedin]: https://cpco.io/linkedin 189 | [twitter]: https://twitter.com/clouddrove/ 190 | [email]: https://clouddrove.com/contact-us.html 191 | [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language= 192 | -------------------------------------------------------------------------------- /README.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # This is the canonical configuration for the `README.md` 4 | # Run `make readme` to rebuild the `README.md` 5 | # 6 | 7 | # Name of this project 8 | name : Terraform AWS Iam User 9 | 10 | # License of this project 11 | license: "APACHE" 12 | 13 | # Canonical GitHub repo 14 | github_repo: clouddrove/terraform-aws-iam-user 15 | 16 | # Badges to display 17 | badges: 18 | - name: "Latest Release" 19 | image: "https://img.shields.io/github/release/clouddrove/terraform-aws-iam-user.svg" 20 | url: "https://github.com/clouddrove/terraform-aws-iam-user/releases/latest" 21 | - name: "tfsec" 22 | image: "https://github.com/clouddrove/terraform-aws-iam-user/actions/workflows/tfsec.yml/badge.svg" 23 | url: "https://github.com/clouddrove/terraform-aws-iam-user/actions/workflows/tfsec.yml" 24 | - name: "Licence" 25 | image: "https://img.shields.io/badge/License-APACHE-blue.svg" 26 | url: "LICENSE.md" 27 | - name: "Changelog" 28 | image: "https://img.shields.io/badge/Changelog-blue" 29 | url: "CHANGELOG.md" 30 | 31 | prerequesties: 32 | - name: Terraform 33 | url: https://learn.hashicorp.com/terraform/getting-started/install.html 34 | version: ">= 1.6.6" 35 | 36 | providers: 37 | - name: aws 38 | url: https://aws.amazon.com/ 39 | version: ">= 5.31.0" 40 | 41 | module_dependencies: 42 | - name: Labels Module 43 | url: https://github.com/clouddrove/terraform-aws-labels 44 | description: Provides resource tagging. 45 | 46 | 47 | # description of this project 48 | description: |- 49 | Terraform module to create Iam user resource on AWS. 50 | 51 | # How to use this project 52 | usage : |- 53 | ### Simple example 54 | Here is an example of how you can use this module in your inventory structure: 55 | ```hcl 56 | module "iam-user" { 57 | source = "clouddrove/iam-user/aws" 58 | version = "1.3.0" 59 | name = "iam-user" 60 | environment = "test" 61 | label_order = ["name","environment"] 62 | policy_enabled = true 63 | policy = data.aws_iam_policy_document.default.json 64 | password_length = 20 65 | password_reset_required = true 66 | } 67 | 68 | data "aws_iam_policy_document" "default" { 69 | statement { 70 | actions = [ 71 | "ec2:Describe*" 72 | ] 73 | effect = "Allow" 74 | resources = ["*"] 75 | } 76 | } 77 | ``` 78 | -------------------------------------------------------------------------------- /docs/io.md: -------------------------------------------------------------------------------- 1 | ## Inputs 2 | 3 | | Name | Description | Type | Default | Required | 4 | |------|-------------|------|---------|:--------:| 5 | | attributes | Additional attributes (e.g. `1`). | `list(any)` | `[]` | no | 6 | | create\_iam\_user\_login\_profile | Whether to create IAM user login profile | `bool` | `true` | no | 7 | | create\_user | Whether to create the IAM user | `bool` | `true` | no | 8 | | delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | `string` | `"-"` | no | 9 | | enabled | Whether to create Iam user. | `bool` | `true` | no | 10 | | environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no | 11 | | force\_destroy | When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force\_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed. | `bool` | `false` | no | 12 | | groups | (Optional) List of IAM groups to add the User to. | `list(string)` | `[]` | no | 13 | | label\_order | Label order, e.g. `name`,`application`. | `list(any)` | `[]` | no | 14 | | managedby | ManagedBy, eg 'CloudDrove' | `string` | `"hello@clouddrove.com"` | no | 15 | | name | Name (e.g. `app` or `cluster`). | `string` | `""` | no | 16 | | password\_length | The length of the generated password | `number` | `20` | no | 17 | | password\_reset\_required | Whether the user should be forced to reset the generated password on first login. | `bool` | `true` | no | 18 | | path | The path to the role. | `string` | `"/"` | no | 19 | | permissions\_boundary | The ARN of the policy that is used to set the permissions boundary for the role. | `string` | `""` | no | 20 | | pgp\_key | Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some\_person\_that\_exists. | `string` | `""` | no | 21 | | policy | The policy document. | `any` | `null` | no | 22 | | policy\_arn | The ARN of the policy you want to apply. | `string` | `""` | no | 23 | | policy\_enabled | Whether to Attach Iam policy with user. | `bool` | `false` | no | 24 | | repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-iam-user"` | no | 25 | | ssh\_key\_encoding | Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM | `string` | `"SSH"` | no | 26 | | ssh\_public\_key | The SSH public key. The public key must be encoded in ssh-rsa format or PEM format | `string` | `""` | no | 27 | | status | The access key status to apply. Defaults to Active. Valid values are Active and Inactive. | `string` | `"Active"` | no | 28 | | tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | `map(any)` | `{}` | no | 29 | | upload\_iam\_user\_ssh\_key | Whether to upload a public ssh key to the IAM user | `bool` | `false` | no | 30 | 31 | ## Outputs 32 | 33 | | Name | Description | 34 | |------|-------------| 35 | | arn | The ARN assigned by AWS for this user. | 36 | | key\_id | The access key ID. | 37 | | secret | The secret access key. Note that this will be written to the state file. Please supply a pgp\_key instead, which will prevent the secret from being stored in plain text. | 38 | | tags | A mapping of tags to assign to the resource. | 39 | | unique\_id | The unique ID assigned by AWS for this user. | 40 | 41 | -------------------------------------------------------------------------------- /examples/example.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "eu-west-1" 3 | } 4 | 5 | module "iam-user" { 6 | source = "../" 7 | 8 | name = "iam-user" 9 | environment = "test" 10 | label_order = ["name", "environment"] 11 | 12 | policy_enabled = false 13 | policy = data.aws_iam_policy_document.default.json 14 | pgp_key = "" 15 | password_length = 20 16 | password_reset_required = true 17 | } 18 | 19 | data "aws_iam_policy_document" "default" { 20 | statement { 21 | actions = [ 22 | "ec2:Describe*" 23 | ] 24 | effect = "Allow" 25 | resources = ["*"] 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /examples/outputs.tf: -------------------------------------------------------------------------------- 1 | output "arn" { 2 | value = module.iam-user.*.arn 3 | description = "The ARN assigned by AWS for this user." 4 | } 5 | 6 | output "unique_id" { 7 | value = module.iam-user.*.unique_id 8 | description = "The unique ID assigned by AWS for this user." 9 | } 10 | 11 | output "key_id" { 12 | value = module.iam-user.*.key_id 13 | description = "The ARN assigned by AWS for this user." 14 | } 15 | 16 | output "secret" { 17 | value = module.iam-user.*.secret 18 | description = "The ARN assigned by AWS for this user." 19 | sensitive = true 20 | } 21 | 22 | output "tags" { 23 | value = module.iam-user.tags 24 | description = "A mapping of tags to assign to the resource." 25 | } 26 | -------------------------------------------------------------------------------- /examples/versions.tf: -------------------------------------------------------------------------------- 1 | # Terraform version 2 | terraform { 3 | required_version = ">= 1.6.6" 4 | 5 | required_providers { 6 | aws = { 7 | source = "hashicorp/aws" 8 | version = ">= 5.31.0" 9 | } 10 | } 11 | } -------------------------------------------------------------------------------- /main.tf: -------------------------------------------------------------------------------- 1 | # Managed By : CloudDrove 2 | # Description : Terraform module to create IAM user resource on AWS. 3 | # Copyright @ CloudDrove. All Right Reserved. 4 | 5 | #Module : label 6 | #Description : This terraform module is designed to generate consistent label names and tags 7 | # for resources. You can use terraform-labels to implement a strict naming 8 | # convention. 9 | 10 | 11 | module "labels" { 12 | source = "clouddrove/labels/aws" 13 | version = "1.3.0" 14 | 15 | name = var.name 16 | environment = var.environment 17 | repository = var.repository 18 | managedby = var.managedby 19 | attributes = var.attributes 20 | label_order = var.label_order 21 | } 22 | 23 | # Module : IAM user 24 | # Description : Terraform module to create IAm user resource on AWS. 25 | resource "aws_iam_user" "default" { 26 | count = var.enabled ? 1 : 0 27 | 28 | name = module.labels.id 29 | force_destroy = var.force_destroy 30 | path = var.path 31 | permissions_boundary = var.permissions_boundary 32 | tags = module.labels.tags 33 | } 34 | 35 | resource "aws_iam_access_key" "default" { 36 | count = var.enabled ? 1 : 0 37 | user = aws_iam_user.default.*.name[0] 38 | pgp_key = var.pgp_key 39 | status = var.status 40 | } 41 | 42 | resource "aws_iam_user_policy" "default" { 43 | count = var.enabled && var.policy_enabled && var.policy_arn == "" ? 1 : 0 44 | name = format("%s-policy", module.labels.id) 45 | user = aws_iam_user.default.*.name[0] 46 | policy = var.policy 47 | } 48 | 49 | resource "aws_iam_user_policy_attachment" "default" { 50 | count = var.enabled && var.policy_enabled && var.policy_arn != "" ? 1 : 0 51 | user = aws_iam_user.default.*.name[0] 52 | policy_arn = var.policy_arn 53 | } 54 | 55 | resource "aws_iam_user_group_membership" "default" { 56 | count = var.enabled && length(var.groups) > 0 ? 1 : 0 57 | user = aws_iam_user.default[count.index].name 58 | groups = var.groups 59 | depends_on = [aws_iam_user.default] 60 | } 61 | 62 | resource "aws_iam_user_login_profile" "default" { 63 | count = var.create_user && var.create_iam_user_login_profile ? 1 : 0 64 | user = aws_iam_user.default[0].name 65 | password_length = var.password_length 66 | password_reset_required = var.password_reset_required 67 | } 68 | 69 | resource "aws_iam_user_ssh_key" "default" { 70 | count = var.create_user && var.upload_iam_user_ssh_key ? 1 : 0 71 | username = aws_iam_user.default[0].name 72 | encoding = var.ssh_key_encoding 73 | public_key = var.ssh_public_key 74 | } -------------------------------------------------------------------------------- /outputs.tf: -------------------------------------------------------------------------------- 1 | # Module : Iam Role 2 | # Description : Terraform module to create Iam Role resource on AWS. 3 | output "arn" { 4 | value = join("", aws_iam_user.default.*.arn) 5 | description = "The ARN assigned by AWS for this user." 6 | } 7 | 8 | output "unique_id" { 9 | value = join("", aws_iam_user.default.*.unique_id) 10 | description = "The unique ID assigned by AWS for this user." 11 | } 12 | 13 | output "key_id" { 14 | value = join("", aws_iam_access_key.default.*.id) 15 | description = "The access key ID." 16 | } 17 | 18 | output "secret" { 19 | value = var.pgp_key == "" ? join("", aws_iam_access_key.default.*.secret) : join("", aws_iam_access_key.default.*.encrypted_secret) 20 | description = "The secret access key. Note that this will be written to the state file. Please supply a pgp_key instead, which will prevent the secret from being stored in plain text." 21 | sensitive = true 22 | } 23 | 24 | output "tags" { 25 | value = module.labels.tags 26 | description = "A mapping of tags to assign to the resource." 27 | } -------------------------------------------------------------------------------- /variables.tf: -------------------------------------------------------------------------------- 1 | #Module : LABEL 2 | #Description : Terraform label module variables 3 | variable "name" { 4 | type = string 5 | default = "" 6 | description = "Name (e.g. `app` or `cluster`)." 7 | } 8 | variable "repository" { 9 | type = string 10 | default = "https://github.com/clouddrove/terraform-aws-iam-user" 11 | description = "Terraform current module repo" 12 | } 13 | 14 | 15 | variable "environment" { 16 | type = string 17 | default = "" 18 | description = "Environment (e.g. `prod`, `dev`, `staging`)." 19 | } 20 | 21 | variable "label_order" { 22 | type = list(any) 23 | default = [] 24 | description = "Label order, e.g. `name`,`application`." 25 | } 26 | 27 | variable "attributes" { 28 | type = list(any) 29 | default = [] 30 | description = "Additional attributes (e.g. `1`)." 31 | } 32 | 33 | variable "delimiter" { 34 | type = string 35 | default = "-" 36 | description = "Delimiter to be used between `organization`, `environment`, `name` and `attributes`." 37 | } 38 | 39 | variable "tags" { 40 | type = map(any) 41 | default = {} 42 | description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)." 43 | } 44 | 45 | variable "managedby" { 46 | type = string 47 | default = "hello@clouddrove.com" 48 | description = "ManagedBy, eg 'CloudDrove'" 49 | } 50 | 51 | # Module : Iam Role 52 | # Description : Terraform Iam Role module variables. 53 | variable "enabled" { 54 | type = bool 55 | default = true 56 | description = "Whether to create Iam user." 57 | } 58 | 59 | variable "force_destroy" { 60 | type = bool 61 | default = false 62 | description = "When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed." 63 | } 64 | 65 | variable "path" { 66 | type = string 67 | default = "/" 68 | description = "The path to the role." 69 | } 70 | 71 | variable "permissions_boundary" { 72 | type = string 73 | default = "" 74 | description = "The ARN of the policy that is used to set the permissions boundary for the role." 75 | sensitive = true 76 | } 77 | 78 | variable "pgp_key" { 79 | type = string 80 | default = "" 81 | description = "Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists." 82 | sensitive = true 83 | } 84 | 85 | variable "status" { 86 | type = string 87 | default = "Active" 88 | description = "The access key status to apply. Defaults to Active. Valid values are Active and Inactive." 89 | } 90 | 91 | variable "policy" { 92 | default = null 93 | description = "The policy document." 94 | } 95 | 96 | variable "policy_enabled" { 97 | type = bool 98 | default = false 99 | description = "Whether to Attach Iam policy with user." 100 | } 101 | 102 | variable "policy_arn" { 103 | type = string 104 | default = "" 105 | description = "The ARN of the policy you want to apply." 106 | sensitive = true 107 | } 108 | 109 | variable "groups" { 110 | type = list(string) 111 | default = [] 112 | description = "(Optional) List of IAM groups to add the User to." 113 | } 114 | 115 | variable "create_user" { 116 | type = bool 117 | default = true 118 | description = "Whether to create the IAM user" 119 | } 120 | 121 | variable "create_iam_user_login_profile" { 122 | type = bool 123 | default = true 124 | description = "Whether to create IAM user login profile" 125 | } 126 | 127 | variable "password_reset_required" { 128 | type = bool 129 | default = true 130 | description = "Whether the user should be forced to reset the generated password on first login." 131 | } 132 | 133 | variable "password_length" { 134 | type = number 135 | default = 20 136 | description = "The length of the generated password" 137 | } 138 | 139 | variable "upload_iam_user_ssh_key" { 140 | type = bool 141 | default = false 142 | description = "Whether to upload a public ssh key to the IAM user" 143 | } 144 | variable "ssh_key_encoding" { 145 | type = string 146 | default = "SSH" 147 | description = "Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM" 148 | } 149 | 150 | variable "ssh_public_key" { 151 | type = string 152 | default = "" 153 | description = "The SSH public key. The public key must be encoded in ssh-rsa format or PEM format" 154 | } 155 | 156 | -------------------------------------------------------------------------------- /versions.tf: -------------------------------------------------------------------------------- 1 | # Terraform version 2 | terraform { 3 | required_version = ">= 1.6.6" 4 | 5 | required_providers { 6 | aws = { 7 | source = "hashicorp/aws" 8 | version = ">= 5.31.0" 9 | } 10 | } 11 | } --------------------------------------------------------------------------------