This module creates the following resources:

- `aws_iam_user`
- `aws_iam_user_group_membership`
- `aws_iam_user_policy`
- (optional) `aws_iam_user_policy_attachment`
- (optional) `aws_iam_user_login_profile`
- (optional) `aws_iam_access_key`
- (optional) `aws_iam_user_ssh_key`
- (optional) `aws_iam_service_specific_credential`
- (optional)
If possible, always use PGP encryption to prevent Terraform from keeping the unencrypted password and access secret key in the state file.

When `pgp_key` is specified as `keybase:username`, make sure that the user has already uploaded a public key to keybase.io. For example, the user with username `test` has done it properly and you can verify it here.
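A usage example for this module, added here and not taken from the module's own documentation. The module source path, the account id, the role and boundary policy ARNs, the group name and the keybase username are all placeholders, and the point is that only PGP ciphertext of the console password and access-key secret ever reaches the Terraform state.

```hcl
# Added example; the source path, ARNs, group and keybase username are placeholders.
module "iam_user" {
  source = "./modules/iam-user" # assumed local path to this module

  name = "deploy-bot"
  path = "/service/"

  # Encrypt the generated console password and access-key secret with this
  # public key so the state file only holds ciphertext.
  pgp_key = "keybase:example-user" # placeholder keybase username

  # Cap the user's effective permissions regardless of attached policies.
  permissions_boundary = "arn:aws:iam::123456789012:policy/DeveloperBoundary" # placeholder

  groups = ["developers"] # assumed to exist already

  # Prefer assume-role over attaching broad policies directly: the user only
  # gets sts:AssumeRole on this role, and the role carries the real permissions.
  assumable_roles = [
    "arn:aws:iam::123456789012:role/deploy", # placeholder
  ]

  # Console access with a long generated password and a forced reset on first login.
  console_access = {
    enabled                 = true
    password_length         = 32
    password_reset_required = true
  }

  # A single active programmatic credential (type list(map(bool))).
  access_keys = [
    { enabled = true },
  ]

  tags = {
    Owner = "platform"
  }
}

# Mark the credential-bearing output as sensitive so plan/apply logs do not echo it.
output "deploy_bot_console_access" {
  value     = module.iam_user.console_access
  sensitive = true
}
```

As with the underlying AWS provider resources, the encrypted values are base64-encoded PGP messages; decrypt them out of band with the matching private key (for example `base64 --decode | gpg --decrypt`) rather than feeding the plaintext back into Terraform.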
| Name | Version |
|---|---|
| terraform | >= 1.5 |
| aws | >= 4.1 |

| Name | Version |
|---|---|
| aws | 5.19.0 |

| Name | Source | Version |
|---|---|---|
| resource_group | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |

| Name | Type |
|---|---|
| `aws_iam_access_key.this` | resource |
| `aws_iam_service_specific_credential.this` | resource |
| `aws_iam_user.this` | resource |
| `aws_iam_user_group_membership.this` | resource |
| `aws_iam_user_login_profile.this` | resource |
| `aws_iam_user_policy.assume_role` | resource |
| `aws_iam_user_policy.inline` | resource |
| `aws_iam_user_policy_attachment.managed` | resource |
| `aws_iam_user_ssh_key.this` | resource |
| `aws_iam_policy_document.assume_role` | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | (Required) Desired name for the IAM user. | `string` | n/a | yes |
| access_keys | (Optional) A list of Access Keys to associate with the IAM user. This is a set of credentials that allow API requests to be made as an IAM user. Each value of the `access_keys` block is defined below.<br>(Required) `enabled` - Whether to activate the Access Key. | `list(map(bool))` | `[]` | no |
| assumable_roles | (Optional) List of ARNs of IAM roles which can be assumed by the user. | `list(string)` | `[]` | no |
| console_access | (Optional) The configuration of AWS console access and the password for the user. The `console_access` block is defined below.<br>(Optional) `enabled` - Whether to activate AWS console access and the password.<br>(Optional) `password_length` - The length of the generated password. Only applies on resource creation. Defaults to `20`.<br>(Optional) `password_reset_required` - Whether the user should be forced to reset the generated password on first login. Defaults to `true`. | `any` | `{}` | no |
| force_destroy | (Optional) When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without `force_destroy`, a user with non-Terraform-managed access keys and login profile will fail to be destroyed. | `bool` | `false` | no |
| groups | (Optional) A list of IAM Groups to add the user to. | `list(string)` | `[]` | no |
| inline_policies | (Optional) Map of inline IAM policies to attach to the IAM user (`name => policy`). | `map(string)` | `{}` | no |
| module_tags_enabled | (Optional) Whether to create AWS Resource Tags for the module information. | `bool` | `true` | no |
| path | (Optional) Desired path for the IAM user. | `string` | `"/"` | no |
| permissions_boundary | (Optional) The ARN of the policy that is used to set the permissions boundary for the user. | `string` | `null` | no |
| pgp_key | (Optional) Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Used to encrypt the password and access key. | `string` | `""` | no |
| policies | (Optional) List of ARNs of IAM policies to attach to the IAM user. | `list(string)` | `[]` | no |
| resource_group_description | (Optional) The description of the Resource Group. | `string` | `"Managed by Terraform."` | no |
| resource_group_enabled | (Optional) Whether to create a Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no |
| resource_group_name | (Optional) The name of the Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no |
| service_credentials | (Optional) A list of service-specific credentials to associate with the IAM user. Each value of the `service_credentials` block is defined below.<br>(Required) `service` - The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.<br>(Optional) `enabled` - Whether to activate the service-specific credential. | `any` | `[]` | no |
| ssh_keys | (Optional) A list of SSH public keys to associate with the IAM user. Each value of the `ssh_keys` block is defined below.<br>(Required) `public_key` - The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.<br>(Optional) `encoding` - The public key encoding format. Valid values are `SSH` and `PEM`. To retrieve the public key in ssh-rsa format, use `SSH`. To retrieve the public key in PEM format, use `PEM`.<br>(Optional) `enabled` - Whether to activate the SSH public key. | `any` | `[]` | no |
| tags | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
| Name | Description |
|---|---|
| access_keys | The list of IAM Access Keys for the user. |
| arn | The ARN assigned by AWS for this user. |
| assumable_roles | List of ARNs of IAM roles which the IAM user can assume. |
| console_access | The information of the AWS console access and password for the user. |
| groups | The list of IAM Groups. |
| inline_policies | List of names of inline IAM policies which are attached to the IAM user. |
| name | The user's name. |
| pgp_key | PGP key used to encrypt sensitive data for this user (if empty, secrets are not encrypted). |
| policies | List of ARNs of IAM policies which are attached to the IAM user. |
| service_credentials | The list of service-specific credentials for the user. |
| ssh_keys | The list of SSH public keys for the user. |
| unique_id | The unique ID assigned by AWS. |