From 898e5b0555807cffc90647d8b2d171792d792f2d Mon Sep 17 00:00:00 2001 
From: Weyder Ferreira Date: Thu, 5 Jan 2023 16:27:57 -0300 Subject: [PATCH] Refactoring IAM Modules --- iam/group/vars.tf | 10 ---- iam/groups/group/README.md | 37 ++++++++++++++ iam/{ => groups}/group/main.tf | 4 +- iam/{ => groups}/group/outputs.tf | 0 iam/groups/group/vars.tf | 10 ++++ iam/policies/policy-document/README.md | 33 +++++++++++++ .../policy-document}/main.tf | 2 +- iam/policies/policy-document/outuputs.tf | 4 ++ .../policy-document}/vars.tf | 0 iam/policies/policy/README.md | 40 +++++++++++++++ iam/{ => policies}/policy/main.tf | 0 iam/{ => policies}/policy/outuputs.tf | 8 +-- iam/policies/policy/vars.tf | 23 +++++++++ iam/policy/vars.tf | 23 --------- iam/policy_document/outuputs.tf | 4 -- iam/role/main.tf | 15 ------ iam/role/outputs.tf | 11 ----- iam/role/vars.tf | 49 ------------------- iam/roles/instance-profile/main.tf | 6 +++ iam/roles/instance-profile/outputs.tf | 16 ++++++ iam/roles/instance-profile/vars.tf | 23 +++++++++ iam/roles/instance_profile/main.tf | 6 +++ iam/roles/instance_profile/outputs.tf | 16 ++++++ iam/roles/instance_profile/vars.tf | 23 +++++++++ .../role-policy-attachment}/main.tf | 4 +- .../role-policy-attachment}/vars.tf | 6 +-- iam/roles/role-policy/README.md | 35 +++++++++++++ iam/roles/role-policy/main.tf | 5 ++ iam/roles/role-policy/outputs.tf | 3 ++ iam/roles/role-policy/vars.tf | 12 +++++ iam/roles/role/README.md | 38 ++++++++++++++ iam/roles/role/main.tf | 7 +++ iam/roles/role/outputs.tf | 7 +++ iam/roles/role/vars.tf | 23 +++++++++ iam/roles/role_policy_attachment/main.tf | 4 ++ iam/roles/role_policy_attachment/vars.tf | 11 +++++ iam/user/vars.tf | 25 ---------- iam/users/user/README.md | 42 ++++++++++++++++ iam/{ => users}/user/main.tf | 8 +-- iam/{ => users}/user/output.tf | 2 +- iam/users/user/vars.tf | 25 ++++++++++ 41 files changed, 466 insertions(+), 154 deletions(-) delete mode 100644 iam/group/vars.tf create mode 100644 iam/groups/group/README.md rename iam/{ => groups}/group/main.tf (92%) rename iam/{ => 
groups}/group/outputs.tf (100%) create mode 100644 iam/groups/group/vars.tf create mode 100644 iam/policies/policy-document/README.md rename iam/{policy_document => policies/policy-document}/main.tf (89%) create mode 100644 iam/policies/policy-document/outuputs.tf rename iam/{policy_document => policies/policy-document}/vars.tf (100%) create mode 100644 iam/policies/policy/README.md rename iam/{ => policies}/policy/main.tf (100%) rename iam/{ => policies}/policy/outuputs.tf (59%) create mode 100644 iam/policies/policy/vars.tf delete mode 100644 iam/policy/vars.tf delete mode 100644 iam/policy_document/outuputs.tf delete mode 100644 iam/role/main.tf delete mode 100644 iam/role/outputs.tf delete mode 100644 iam/role/vars.tf create mode 100644 iam/roles/instance-profile/main.tf create mode 100644 iam/roles/instance-profile/outputs.tf create mode 100644 iam/roles/instance-profile/vars.tf create mode 100644 iam/roles/instance_profile/main.tf create mode 100644 iam/roles/instance_profile/outputs.tf create mode 100644 iam/roles/instance_profile/vars.tf rename iam/{role_policy_attachment => roles/role-policy-attachment}/main.tf (55%) rename iam/{role_policy_attachment => roles/role-policy-attachment}/vars.tf (61%) create mode 100644 iam/roles/role-policy/README.md create mode 100644 iam/roles/role-policy/main.tf create mode 100644 iam/roles/role-policy/outputs.tf create mode 100644 iam/roles/role-policy/vars.tf create mode 100644 iam/roles/role/README.md create mode 100644 iam/roles/role/main.tf create mode 100644 iam/roles/role/outputs.tf create mode 100644 iam/roles/role/vars.tf create mode 100644 iam/roles/role_policy_attachment/main.tf create mode 100644 iam/roles/role_policy_attachment/vars.tf delete mode 100644 iam/user/vars.tf create mode 100644 iam/users/user/README.md rename iam/{ => users}/user/main.tf (79%) rename iam/{ => users}/user/output.tf (81%) create mode 100644 iam/users/user/vars.tf 
diff --git a/iam/group/vars.tf b/iam/group/vars.tf deleted file mode 100644 index 73b5bfc..0000000 --- a/iam/group/vars.tf +++ /dev/null @@ -1,10 +0,0 @@ -variable "name" { - type = string - default = null - description = " (Required) The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both ADMINS and admins." -} -variable "path" { - type = string - default = "/" - description = "(Optional, default /) Path in which to create the group." -} \ No newline at end of file diff --git a/iam/groups/group/README.md b/iam/groups/group/README.md new file mode 100644 index 0000000..0382a12 --- /dev/null +++ b/iam/groups/group/README.md @@ -0,0 +1,37 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_group.group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [name](#input\_name) | (Required) The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-\_.. Group names are not distinguished by case. For example, you cannot create groups named both ADMINS and admins. | `string` | `null` | no | +| [path](#input\_path) | (Optional, default /) Path in which to create the group. | `string` | `"/"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [arn](#output\_arn) | n/a | +| [id](#output\_id) | n/a | +| [name](#output\_name) | n/a | +| [path](#output\_path) | n/a | + \ No newline at end of file 
diff --git a/iam/group/main.tf b/iam/groups/group/main.tf similarity index 92% rename from iam/group/main.tf rename to iam/groups/group/main.tf index 3900057..ef93c31 100644 --- a/iam/group/main.tf +++ b/iam/groups/group/main.tf @@ -1,6 +1,6 @@ resource "aws_iam_group" "group" { - + name = var.name path = var.path - + } \ No newline at end of file diff --git a/iam/group/outputs.tf b/iam/groups/group/outputs.tf similarity index 100% rename from iam/group/outputs.tf rename to iam/groups/group/outputs.tf diff --git a/iam/groups/group/vars.tf b/iam/groups/group/vars.tf new file mode 100644 index 0000000..9407a49 --- /dev/null +++ b/iam/groups/group/vars.tf @@ -0,0 +1,10 @@ +variable "name" { + type = string + default = null + description = " (Required) The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both ADMINS and admins." +} +variable "path" { + type = string + default = "/" + description = "(Optional, default /) Path in which to create the group." +} \ No newline at end of file diff --git a/iam/policies/policy-document/README.md b/iam/policies/policy-document/README.md new file mode 100644 index 0000000..627a8ae --- /dev/null +++ b/iam/policies/policy-document/README.md 
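Review bot: `name` is documented as "(Required)" but carries `default = null`, so the module accepts a missing name and the generated README lists it as not required; drop the default (a `variable "name" { type = string ... }` block with no `default`) so Terraform rejects the omission at plan time instead of surfacing it later as a provider error. The description already spells out the allowed character set, so it is cheap to enforce it as well: `validation { condition = can(regex("^[A-Za-z0-9=,.@_-]+$", var.name)) error_message = "name may only contain alphanumerics and =,.@-_" }`. The same mismatch (Required in the description, `default = null` in the code) recurs in the user and role_policy_attachment variables elsewhere in this patch.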
@@ -0,0 +1,33 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy_document.policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_document) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [statement](#input\_statement) | (Required) - Statement definitions. | `list(object({ actions = list(string), effect = list(string), resources = list(string), sid = string }))` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [json](#output\_json) | The Policy Name | + \ No newline at end of file diff --git a/iam/policy_document/main.tf b/iam/policies/policy-document/main.tf similarity index 89% rename from iam/policy_document/main.tf rename to iam/policies/policy-document/main.tf index 5e95914..e297986 100644 --- a/iam/policy_document/main.tf +++ b/iam/policies/policy-document/main.tf @@ -1,6 +1,6 @@ resource "aws_iam_policy_document" "policy_document" { dynamic "statement" { - for_each = var.statement + for_each = var.statement content { actions = statement.value.actions effect = statement.value.effect diff --git a/iam/policies/policy-document/outuputs.tf b/iam/policies/policy-document/outuputs.tf new file mode 100644 index 0000000..f82719b --- /dev/null +++ b/iam/policies/policy-document/outuputs.tf @@ -0,0 +1,4 @@ +output "json" { + description = "The Policy Name" + value = aws_iam_policy_document.policy_document.json +} diff --git a/iam/policy_document/vars.tf b/iam/policies/policy-document/vars.tf similarity index 100% rename from iam/policy_document/vars.tf rename to iam/policies/policy-document/vars.tf diff --git a/iam/policies/policy/README.md b/iam/policies/policy/README.md new file mode 100644 index 0000000..15d5b32 
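Review bot: The output reads `aws_iam_policy_document.policy_document.json`, which assumes a managed resource, but the AWS provider only offers `aws_iam_policy_document` as a data source, so the `resource` block in main.tf fails validation and this reference never resolves. Change main.tf to `data "aws_iam_policy_document" "policy_document"` and the output to `value = data.aws_iam_policy_document.policy_document.json`. The description "The Policy Name" is also wrong for a rendered document; `description = "Rendered IAM policy document (JSON)"` matches what is returned. The README generated from vars.tf shows `effect = list(string)` in the statement object, while a statement's `effect` argument is a single string, so that type looks wrong too, although vars.tf itself is not visible in this patch.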
--- /dev/null +++ b/iam/policies/policy/README.md @@ -0,0 +1,40 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [description](#input\_description) | (Optional, Forces new resource) Description of the IAM policy. | `string` | `null` | no | +| [name](#input\_name) | (Optional, Forces new resource) The name of the policy. If omitted, Terraform will assign a random, unique name. | `string` | `null` | no | +| [path](#input\_path) | (Optional, default /) Path in which to create the policy. See IAM Identifiers for more information. | `string` | `"/"` | no | +| [policy](#input\_policy) | (Required) The policy document. This is a JSON formatted string. | `any` | n/a | yes | +| [tags](#input\_tags) | The TAG list | `map(string)` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [arn](#output\_arn) | The ARN assigned by AWS to this policy | +| [description](#output\_description) | The porpouse of these policy | +| [name](#output\_name) | The Policy Name | +| [path](#output\_path) | The path of the policy in IAM | + \ No newline at end of file diff --git a/iam/policy/main.tf b/iam/policies/policy/main.tf similarity index 100% rename from iam/policy/main.tf rename to iam/policies/policy/main.tf diff --git a/iam/policy/outuputs.tf b/iam/policies/policy/outuputs.tf similarity index 59% rename from iam/policy/outuputs.tf rename to iam/policies/policy/outuputs.tf index 658084f..335f502 100644 --- a/iam/policy/outuputs.tf +++ b/iam/policies/policy/outuputs.tf 
@@ -1,11 +1,11 @@ output "name" { - description = "The Policy Name" - value = aws_iam_policy.policy.name + description = "The Policy Name" + value = aws_iam_policy.policy.name } output "description" { - description = "The porpouse of these policy" - value = aws_iam_policy.policy.description + description = "The porpouse of these policy" + value = aws_iam_policy.policy.description } output "arn" { diff --git a/iam/policies/policy/vars.tf b/iam/policies/policy/vars.tf new file mode 100644 index 0000000..92245e9 --- /dev/null +++ b/iam/policies/policy/vars.tf @@ -0,0 +1,23 @@ +variable "name" { + type = string + default = null + description = "(Optional, Forces new resource) The name of the policy. If omitted, Terraform will assign a random, unique name." +} +variable "path" { + type = string + default = "/" + description = "(Optional, default /) Path in which to create the policy. See IAM Identifiers for more information." +} +variable "description" { + type = string + default = null + description = "(Optional, Forces new resource) Description of the IAM policy." +} +variable "policy" { + description = "(Required) The policy document. This is a JSON formatted string. " +} +variable "tags" { + type = map(string) + default = {} + description = "The TAG list" +} \ No newline at end of file diff --git a/iam/policy/vars.tf b/iam/policy/vars.tf deleted file mode 100644 index 9a21d03..0000000 --- a/iam/policy/vars.tf +++ /dev/null 
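Review bot: `variable "policy"` has no `type`, so any value (a map, a list, a file path) is accepted and only fails deep inside the provider when `aws_iam_policy.policy` serialises it. Declare it as `type = string` and reject malformed documents at plan time with `validation { condition = can(jsondecode(var.policy)) error_message = "policy must be a JSON policy document." }`. That also makes the README render `string` instead of `any`, which is what the "(Required) ... JSON formatted string" description promises.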
@@ -1,23 +0,0 @@ -variable "name" { - type = string - default = null - description = "(Optional, Forces new resource) The name of the policy. If omitted, Terraform will assign a random, unique name." -} -variable "path" { - type = string - default = "/" - description = "(Optional, default /) Path in which to create the policy. See IAM Identifiers for more information." -} -variable "description" { - type = string - default = null - description = "(Optional, Forces new resource) Description of the IAM policy." -} -variable "policy" { - description = "(Required) The policy document. This is a JSON formatted string. " -} -variable "tags" { - type = map(string) - default = {} - description = "The TAG list" -} \ No newline at end of file diff --git a/iam/policy_document/outuputs.tf b/iam/policy_document/outuputs.tf deleted file mode 100644 index ae51abe..0000000 --- a/iam/policy_document/outuputs.tf +++ /dev/null @@ -1,4 +0,0 @@ -output "json" { - description = "The Policy Name" - value = aws_iam_policy_document.policy_document.json -} diff --git a/iam/role/main.tf b/iam/role/main.tf deleted file mode 100644 index 0d569e8..0000000 --- a/iam/role/main.tf +++ /dev/null @@ -1,15 +0,0 @@ -resource "aws_iam_role" "role" { - name = var.name - assume_role_policy = var.assume_role_policy - description = var.description - max_session_duration = var.max_session_duration - - tags = var.tags -} - -resource "aws_iam_role_policy_attachment" "policy_attachment" { - for_each = var.policies - - role = aws_iam_role.role.name - policy_arn = each.value -} diff --git a/iam/role/outputs.tf b/iam/role/outputs.tf deleted file mode 100644 index 00e43da..0000000 --- a/iam/role/outputs.tf +++ /dev/null @@ -1,11 +0,0 @@ -output "name" { - value = aws_iam_role.role.name -} - -output "arn" { - value = aws_iam_role.role.arn -} - -output "description" { - value = aws_iam_role.role.description -} diff --git a/iam/role/vars.tf b/iam/role/vars.tf deleted file mode 100644 index 8d74f77..0000000 
--- a/iam/role/vars.tf +++ /dev/null @@ -1,49 +0,0 @@ -variable "name" { - type = string - default = null - description = "The name of the Role" -} - -variable "assume_role_policy" { - type = string - default = <<-EOT - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "ec2.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - } -EOT - - description = "The policy permitions JSON AWS Syntax" - -} -variable "description" { - type = string - default = "" - description = "The description of them" -} - -variable "max_session_duration" { - type = number - default = 1 - description = "The duration of session" -} - -variable "tags" { - type = map(string) - default = {} - description = "A map of tags." -} - -variable "policies" { - type = set(string) - default = [] - description = "The policies that should be attached to the role." -} diff --git a/iam/roles/instance-profile/main.tf b/iam/roles/instance-profile/main.tf new file mode 100644 index 0000000..bd357b9 --- /dev/null +++ b/iam/roles/instance-profile/main.tf @@ -0,0 +1,6 @@ +resource "aws_iam_instance_profile" "instance_profile" { + name = var.name + path = var.path + role = var.role + tags = var.tags +} \ No newline at end of file diff --git a/iam/roles/instance-profile/outputs.tf b/iam/roles/instance-profile/outputs.tf new file mode 100644 index 0000000..8b8bcb7 --- /dev/null +++ b/iam/roles/instance-profile/outputs.tf @@ -0,0 +1,16 @@ +output "arn" { + value = aws_iam_instance_profile.instance_profile.arn +} +output "create_date" { + value = aws_iam_instance_profile.instance_profile.create_date +} +output "id" { + value = aws_iam_instance_profile.instance_profile.id +} + +output "unique_id" { + value = aws_iam_instance_profile.instance_profile.unique_id +} + + + diff --git a/iam/roles/instance-profile/vars.tf b/iam/roles/instance-profile/vars.tf new file mode 100644 index 0000000..0fe7b0a --- /dev/null +++ b/iam/roles/instance-profile/vars.tf 
@@ -0,0 +1,23 @@ +variable "name" { + type = string + default = null + description = "(Optional, Forces new resource) Name of the instance profile. If omitted, Terraform will assign a random, unique name. Can be a string of characters consisting of upper and lowercase alphanumeric characters and these special characters: _, +, =, ,, ., @, -. Spaces are not allowed." +} + +variable "path" { + type = string + default = "/" + description = "(Optional, default \"/\") Path to the instance profile. For more information about paths, see IAM Identifiers in the IAM User Guide. Can be a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. Can include any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercase letters." +} + +variable "role" { + type = string + default = null + description = "(Optional) Name of the role to add to the profile." +} + +variable "tags" { + type = map(string) + default = {} + description = "The list of Tags" +} diff --git a/iam/roles/instance_profile/main.tf b/iam/roles/instance_profile/main.tf new file mode 100644 index 0000000..bd357b9 --- /dev/null +++ b/iam/roles/instance_profile/main.tf @@ -0,0 +1,6 @@ +resource "aws_iam_instance_profile" "instance_profile" { + name = var.name + path = var.path + role = var.role + tags = var.tags +} \ No newline at end of file diff --git a/iam/roles/instance_profile/outputs.tf b/iam/roles/instance_profile/outputs.tf new file mode 100644 index 0000000..8b8bcb7 --- /dev/null +++ b/iam/roles/instance_profile/outputs.tf 
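Review bot: `iam/roles/instance_profile/` is a byte-for-byte copy of `iam/roles/instance-profile/` — the index lines show the same blob ids (bd357b9, 8b8bcb7, 0fe7b0a) for main.tf, outputs.tf and vars.tf — and `role_policy_attachment/` duplicates `role-policy-attachment/` the same way (335354f, fd78618). Two copies under two naming conventions will drift the first time one is patched; keep one (the hyphenated form matches `policy-document` and `role-policy`) and delete the other, or, if one is meant as a transitional alias, say so in its README so it can be removed later.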
@@ -0,0 +1,16 @@ +output "arn" { + value = aws_iam_instance_profile.instance_profile.arn +} +output "create_date" { + value = aws_iam_instance_profile.instance_profile.create_date +} +output "id" { + value = aws_iam_instance_profile.instance_profile.id +} + +output "unique_id" { + value = aws_iam_instance_profile.instance_profile.unique_id +} + + + diff --git a/iam/roles/instance_profile/vars.tf b/iam/roles/instance_profile/vars.tf new file mode 100644 index 0000000..0fe7b0a --- /dev/null +++ b/iam/roles/instance_profile/vars.tf @@ -0,0 +1,23 @@ +variable "name" { + type = string + default = null + description = "(Optional, Forces new resource) Name of the instance profile. If omitted, Terraform will assign a random, unique name. Can be a string of characters consisting of upper and lowercase alphanumeric characters and these special characters: _, +, =, ,, ., @, -. Spaces are not allowed." +} + +variable "path" { + type = string + default = "/" + description = "(Optional, default \"/\") Path to the instance profile. For more information about paths, see IAM Identifiers in the IAM User Guide. Can be a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. Can include any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercase letters." +} + +variable "role" { + type = string + default = null + description = "(Optional) Name of the role to add to the profile." +} + +variable "tags" { + type = map(string) + default = {} + description = "The list of Tags" +} diff --git a/iam/role_policy_attachment/main.tf b/iam/roles/role-policy-attachment/main.tf similarity index 55% rename from iam/role_policy_attachment/main.tf rename to iam/roles/role-policy-attachment/main.tf index 95212b6..335354f 100644 --- a/iam/role_policy_attachment/main.tf +++ b/iam/roles/role-policy-attachment/main.tf 
@@ -1,4 +1,4 @@ resource "aws_iam_role_policy_attachment" "role_policy_attachment" { - role = var.role - policy_arn = var.policy_arn + role = var.role + policy_arn = var.policy_arn } \ No newline at end of file diff --git a/iam/role_policy_attachment/vars.tf b/iam/roles/role-policy-attachment/vars.tf similarity index 61% rename from iam/role_policy_attachment/vars.tf rename to iam/roles/role-policy-attachment/vars.tf index 04760ea..fd78618 100644 --- a/iam/role_policy_attachment/vars.tf +++ b/iam/roles/role-policy-attachment/vars.tf @@ -5,7 +5,7 @@ variable "role" { } variable "policy_arn" { -type = string -default = null -description = "(Required) - The ARN of the policy you want to apply" + type = string + default = null + description = "(Required) - The ARN of the policy you want to apply" } \ No newline at end of file diff --git a/iam/roles/role-policy/README.md b/iam/roles/role-policy/README.md new file mode 100644 index 0000000..70c8b6c --- /dev/null +++ b/iam/roles/role-policy/README.md 
@@ -0,0 +1,35 @@
+
+## Requirements
+
+- [Registry reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy)
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_role_policy.irp](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [name](#input\_name) | (Optional) The name of the role policy. If omitted, Terraform will assign a random, unique name. | `string` | n/a | yes |
+| [policy](#input\_policy) | (Required) The inline policy document. This is a JSON formatted string. | `string` | n/a | yes |
+| [role](#input\_role) | (Required) The name of the IAM role to attach to the policy. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [id](#output\_id) | n/a |
+
\ No newline at end of file
diff --git a/iam/roles/role-policy/main.tf b/iam/roles/role-policy/main.tf
new file mode 100644
index 0000000..9bfa21d
--- /dev/null
+++ b/iam/roles/role-policy/main.tf
@@ -0,0 +1,5 @@
+resource "aws_iam_role_policy" "irp" {
+ name = var.name
+ role = var.role
+ policy = var.policy
+}
diff --git a/iam/roles/role-policy/outputs.tf b/iam/roles/role-policy/outputs.tf
new file mode 100644
index 0000000..35b1f01
--- /dev/null
+++ b/iam/roles/role-policy/outputs.tf
@@ -0,0 +1,3 @@
+output "id" {
+ value = aws_iam_role.irp.id
+}
diff --git a/iam/roles/role-policy/vars.tf b/iam/roles/role-policy/vars.tf
new file mode 100644
index 0000000..d2c463d
--- /dev/null
+++ b/iam/roles/role-policy/vars.tf
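Review bot: `value = aws_iam_role.irp.id` references a resource this module does not declare; main.tf creates `aws_iam_role_policy "irp"`, so the output should be `value = aws_iam_role_policy.irp.id` — as written, `terraform validate` fails for the whole module. While here, `name` in vars.tf is described as "(Optional)" but has no default, so the README marks it required; adding `default = null` lets the provider generate a name as the description promises.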
@@ -0,0 +1,12 @@
+variable "name" {
+ type = string
+ description = "(Optional) The name of the role policy. If omitted, Terraform will assign a random, unique name."
+}
+variable "role" {
+ type = string
+ description = "(Required) The name of the IAM role to attach to the policy."
+}
+variable "policy" {
+ type = string
+ description = "(Required) The inline policy document. This is a JSON formatted string."
+}
\ No newline at end of file
diff --git a/iam/roles/role/README.md b/iam/roles/role/README.md
new file mode 100644
index 0000000..c3c0a0a
--- /dev/null
+++ b/iam/roles/role/README.md
@@ -0,0 +1,38 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role.air](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [assume\_role\_policy](#input\_assume\_role\_policy) | (Required) Policy that grants an entity permission to assume the role. | `string` | n/a | yes | +| [managed\_policy\_arns](#input\_managed\_policy\_arns) | (Optional) Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, Terraform will ignore policy attachments to this resource. When configured, Terraform will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., managed\_policy\_arns = []) will cause Terraform to remove all managed policy attachments. | `list(string)` | `[]` | no | +| [max\_session\_duration](#input\_max\_session\_duration) | (Optional) Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | `string` | `3600` | no | +| [name](#input\_name) | (Optional, Forces new resource) Friendly name of the role. If omitted, Terraform will assign a random, unique name. | `string` | n/a | yes | +| [tags](#input\_tags) | Key-value mapping of tags for the IAM role. | `map(string)` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [arn](#output\_arn) | n/a | +| [name](#output\_name) | n/a | + \ No newline at end of file 
diff --git a/iam/roles/role/main.tf b/iam/roles/role/main.tf
new file mode 100644
index 0000000..9bd385c
--- /dev/null
+++ b/iam/roles/role/main.tf
@@ -0,0 +1,7 @@
+resource "aws_iam_role" "air" {
+ name = var.name
+ assume_role_policy = var.assume_role_policy
+ max_session_duration = var.max_session_duration
+ managed_policy_arns = var.managed_policy_arns
+ tags = var.tags
+}
\ No newline at end of file
diff --git a/iam/roles/role/outputs.tf b/iam/roles/role/outputs.tf
new file mode 100644
index 0000000..03cb413
--- /dev/null
+++ b/iam/roles/role/outputs.tf
@@ -0,0 +1,7 @@
+output "name" {
+ value = aws_iam_role.air.name
+}
+
+output "arn" {
+ value = aws_iam_role.air.arn
+}
diff --git a/iam/roles/role/vars.tf b/iam/roles/role/vars.tf
new file mode 100644
index 0000000..c961c99
--- /dev/null
+++ b/iam/roles/role/vars.tf
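Review bot: Compared with the deleted `iam/role` module, the new role module drops the `description` variable and the `description` output, so callers that pass `description` or read `module.<name>.description` will fail at plan time after the move. If that is intended, note it in the README as a breaking change; otherwise add `description = var.description` to the resource and `output "description" { value = aws_iam_role.air.description }`. Making `assume_role_policy` required (the old module silently defaulted to trusting `ec2.amazonaws.com`) is the right call — a trust policy should never be implicit.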
@@ -0,0 +1,23 @@
+variable "name" {
+ type = string
+ description = "(Optional, Forces new resource) Friendly name of the role. If omitted, Terraform will assign a random, unique name."
+}
+variable "max_session_duration" {
+ type = string
+ default = 3600
+ description = "(Optional) Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours."
+}
+variable "assume_role_policy" {
+ type = string
+ description = "(Required) Policy that grants an entity permission to assume the role."
+}
+variable "managed_policy_arns" {
+ type = list(string)
+ default = []
+ description = "(Optional) Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, Terraform will ignore policy attachments to this resource. When configured, Terraform will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., managed_policy_arns = []) will cause Terraform to remove all managed policy attachments."
+}
+variable "tags" {
+ type = map(string)
+ default = {}
+ description = "Key-value mapping of tags for the IAM role."
+}
\ No newline at end of file
diff --git a/iam/roles/role_policy_attachment/main.tf b/iam/roles/role_policy_attachment/main.tf
new file mode 100644
index 0000000..335354f
--- /dev/null
+++ b/iam/roles/role_policy_attachment/main.tf
@@ -0,0 +1,4 @@
+resource "aws_iam_role_policy_attachment" "role_policy_attachment" {
+ role = var.role
+ policy_arn = var.policy_arn
+}
\ No newline at end of file
diff --git a/iam/roles/role_policy_attachment/vars.tf b/iam/roles/role_policy_attachment/vars.tf
new file mode 100644
index 0000000..fd78618
--- /dev/null
+++ b/iam/roles/role_policy_attachment/vars.tf
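Review bot: `managed_policy_arns` defaults to `[]`, and by this variable's own description an empty configured set tells Terraform to remove every managed policy attachment on the role; combined with the `role-policy-attachment` module added in the same patch, each apply of the role module will detach what the attachment module attached and the two resources will fight indefinitely. Use `default = null` so the attribute is left unset unless a caller explicitly opts into exclusive management. `max_session_duration` is declared `type = string` with a numeric default; make it `type = number` and bound it with `validation { condition = var.max_session_duration >= 3600 && var.max_session_duration <= 43200 error_message = "max_session_duration must be between 3600 and 43200 seconds." }` so the 1h–12h rule in the description is enforced. Note also that recent AWS provider releases deprecate the `managed_policy_arns` argument in favour of a separate exclusive-attachment resource, and nothing here pins a provider version (every README shows "No requirements" and version n/a), so this module's behaviour can change silently on `terraform init -upgrade`.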
@@ -0,0 +1,11 @@
+variable "role" {
+ type = string
+ default = null
+ description = "(Required) - The name of the IAM role to which the policy should be applied"
+}
+
+variable "policy_arn" {
+ type = string
+ default = null
+ description = "(Required) - The ARN of the policy you want to apply"
+}
\ No newline at end of file
diff --git a/iam/user/vars.tf b/iam/user/vars.tf
deleted file mode 100644
index ee1737b..0000000
--- a/iam/user/vars.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-variable "name" {
- type = string
- default = null
- description = "(Required) The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both TESTUSER and testuser."
-}
-variable "path" {
- type = string
- default = "/"
- description = "(Optional, default /) Path in which to create the user."
-}
-variable "tags" {
- type = map(string)
- default = {}
- description = "Key-value map of tags for the IAM user"
-}
-
-variable "policy" {
- description = "policy - (Optional) A valid bucket policy JSON document."
-}
-
-variable "policy_name" {
- type = string
- default = "user_policy"
-}
-
diff --git a/iam/users/user/README.md b/iam/users/user/README.md
new file mode 100644
index 0000000..34058aa
--- /dev/null
+++ b/iam/users/user/README.md
@@ -0,0 +1,42 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_access_key.user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource | +| [aws_iam_user.user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource | +| [aws_iam_user_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [name](#input\_name) | (Required) The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-\_.. User names are not distinguished by case. For example, you cannot create users named both TESTUSER and testuser. | `string` | `null` | no | +| [path](#input\_path) | (Optional, default /) Path in which to create the user. | `string` | `"/"` | no | +| [policy](#input\_policy) | policy - (Optional) A valid bucket policy JSON document. | `any` | n/a | yes | +| [policy\_name](#input\_policy\_name) | n/a | `string` | `"user_policy"` | no | +| [tags](#input\_tags) | Key-value map of tags for the IAM user | `map(string)` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [arn](#output\_arn) | n/a | +| [name](#output\_name) | n/a | +| [secret](#output\_secret) | n/a | +| [unique\_id](#output\_unique\_id) | n/a | + \ No newline at end of file diff --git a/iam/user/main.tf b/iam/users/user/main.tf similarity index 79% rename from iam/user/main.tf rename to iam/users/user/main.tf index 6c19ce1..7b19d01 100644 --- a/iam/user/main.tf +++ b/iam/users/user/main.tf 
@@ -1,5 +1,5 @@ resource "aws_iam_user" "user" { - + name = var.name path = var.path @@ -7,13 +7,13 @@ resource "aws_iam_user" "user" { } resource "aws_iam_access_key" "user" { - + user = aws_iam_user.user.name } resource "aws_iam_user_policy" "policy" { - name = var.policy_name - user = aws_iam_user.user.name + name = var.policy_name + user = aws_iam_user.user.name policy = file(var.policy) } diff --git a/iam/user/output.tf b/iam/users/user/output.tf similarity index 81% rename from iam/user/output.tf rename to iam/users/user/output.tf index a1991fa..70fd040 100644 --- a/iam/user/output.tf +++ b/iam/users/user/output.tf @@ -11,6 +11,6 @@ output "unique_id" { } output "secret" { - value = aws_iam_access_key.user.secret + value = aws_iam_access_key.user.secret sensitive = true } diff --git a/iam/users/user/vars.tf b/iam/users/user/vars.tf new file mode 100644 index 0000000..7960bd8 --- /dev/null +++ b/iam/users/user/vars.tf @@ -0,0 +1,25 @@ +variable "name" { + type = string + default = null + description = "(Required) The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both TESTUSER and testuser." +} +variable "path" { + type = string + default = "/" + description = "(Optional, default /) Path in which to create the user." +} +variable "tags" { + type = map(string) + default = {} + description = "Key-value map of tags for the IAM user" +} + +variable "policy" { + description = "policy - (Optional) A valid bucket policy JSON document." +} + +variable "policy_name" { + type = string + default = "user_policy" +} +
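Review bot: `variable "policy"` is untyped and described as "(Optional) A valid bucket policy JSON document", but main.tf passes it to `file(var.policy)`, so it is really a required path to a file on the machine running Terraform — the README consequently renders it as `any`/required and the description is wrong on both counts. Either take the document itself (`type = string` here and `policy = var.policy` in main.tf), as the sibling `policy` and `role-policy` modules do, or at least add `type = string` and describe it as a local file path. Separately, the module creates an `aws_iam_access_key` for every user and exports its `secret`; `sensitive = true` only masks CLI output, the secret still lands in plaintext state, so consider a `create_access_key` bool variable that gates the resource with `count`, plus a `pgp_key` variable so the secret is encrypted before it is written to state.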