Provides IAM user management with Terraform scripts. Keybase provides security for initial temporary password.
- Create the
terraform.tfvarsfile according to your needs. The profile name corresponds to entries in your~/.aws/credentialsfile.
cat <<EOF >terraform.tfvars
aws_profile_name = "personal"
region = "us-east-1"
EOF-
Adjust the contents of
iam-groups.tfas needed. This file defines theaws_iam_group,aws_iam_policyandaws_iam_group_policy_attachmentassociated with IAM and the users you will create.- Here is an example of a group definition.
resource "aws_iam_group" "administrators" {
name = "administrators"
path = "/"
}
* Here is an example of a policy definition. I am using pre-defined policies. Custom policies can be used but are a little more involved to define.
data "aws_iam_policy" "AdministratorAccess" {
arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}
* Here is an examlpe of a group policy attachment. Each policy attached to a group requires its own Terraform resource.
resource "aws_iam_group_policy_attachment" "administrator" {
group = aws_iam_group.administrators.name
policy_arn = data.aws_iam_policy.AdministratorAccess.arn
}
- Initialize Terraform.
terraform init- Apply Terraform using a helper script that ensures a log file is created of all output. Very helpful for validating the application or for debugging when something goes horribly wrong.
./tfa