terraform-aws-iam-s3-user

README

terraform-aws-iam-s3-user

terraform-aws-iam-s3-user for project

Requirements

This is a list of plugins that need to be installed previously to enjoy all the goodies of this configuration:

• gomplate
• terraform
• python
• taskfile

Usage

How to use this project

module "main" {
  source  = "hadenlabs/iam-s3-user/aws"
  version = "0.0.0"

  depends_on   = []
  enabled      = var.enabled
  name         = var.name
  stage        = var.stage
  namespace    = var.namespace
  tags         = var.tags
  use_fullname = var.use_fullname
  s3_actions   = [
    "s3:ListAllMyBuckets",
  ]
  s3_resources = [
    "arn:aws:s3:::bucket-name/*",
  ]
}

Examples

common

  module "main" {
    source  = "hadenlabs/iam-s3-user/aws"
    version = "0.1.0"
  }

Basic

data

module "main" {
  source  = "hadenlabs/iam-s3-user/aws"
  version = "0.1.0"
  depends_on   = []
  enabled      = var.enabled
  name         = var.name
  stage        = var.stage
  namespace    = var.namespace
  tags         = var.tags
  use_fullname = true
  s3_actions   = [
    "s3:GetObject",
		"s3:GetObjectAcl",
		"s3:ListObjects",
		"s3:ListBucket",
		"s3:ListAllMyBuckets",
  ]
  s3_resources = [
		"arn:aws:s3:::bucket-name/*",
  ]
}

Requirements

Name	Version
terraform	>= 0.12.20, < 2.0
aws	>= 2.51, < 4.0

Providers

Name	Version
aws	>= 2.51, < 4.0

Modules

Name	Source	Version
s3_user	hadenlabs/iam-system-user/aws	0.1.1

Resources

Name	Type
aws_iam_user_policy.this	resource
aws_iam_policy_document.this	data source

Inputs

Name	Description	Type	Default	Required
enabled	Set to false to prevent the module from creating any resources	bool	true	no
force_destroy	Destroy even if it has non-Terraform-managed IAM access keys, login profiles or MFA devices	bool	false	no
name	name	string	n/a	yes
namespace	ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique	string	null	no
path	Path in which to create the user	string	"/"	no
s3_actions	Actions to allow in the policy	list(string)	[ "s3:GetObject" ]	no
s3_resources	S3 resources to apply the actions specified in the policy	list(string)	n/a	yes
stage	ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'	string	null	no
tags	Additional tags (e.g. map('BusinessUnit','XYZ')	map(string)	{}	no
use_fullname	If set to 'true' then the full ID for the IAM user name (e.g. [var.namespace]-[var.stage]-[var.name]) will be used.	bool	false	no

Outputs

Name	Description
access_key_id	Access Key ID
enabled	Enabled property of module
secret_access_key	Secret Access Key. This will be written to the state file in plain-text
use_fullname	return if enabled use fullname
user_arn	The ARN assigned by AWS for the user
user_name	Normalized IAM user name
user_unique_id	The user unique ID assigned by AWS

Help

Got a question?

File a GitHub issue.

Contributing

See Contributing.

Module Versioning

This Module follows the principles of Semantic Versioning (SemVer).

Using the given version number of MAJOR.MINOR.PATCH, we apply the following constructs:

1. Use the MAJOR version for incompatible changes.
2. Use the MINOR version when adding functionality in a backwards compatible manner.
3. Use the PATCH version when introducing backwards compatible bug fixes.

Backwards compatibility in 0.0.z and 0.y.z version

• In the context of initial development, backwards compatibility in versions 0.0.z is not guaranteed when z is increased. (Initial development)
• In the context of pre-release, backwards compatibility in versions 0.y.z is not guaranteed when y is increased. (Pre-release)

Copyright

Copyright © 2018-2022 Hadenlabs

Trademarks

All other trademarks referenced herein are the property of their respective owners.

License

The code and styles are licensed under the LGPL-3.0 license See project license..

Don't forget to 🌟 Star 🌟 the repo if you like terraform-aws-iam-s3-user

Your feedback is appreciated