https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser
Ben's Terraform AWS Terraform Backend & Apply Users Module
https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser
terraform terraform-module terraform-module-aws
Last synced: 2 months ago
JSON representation
Ben's Terraform AWS Terraform Backend & Apply Users Module
- Host: GitHub
- URL: https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser
- Owner: bendoerr-terraform-modules
- License: mit
- Created: 2023-12-10T19:32:34.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-11-18T14:42:35.000Z (6 months ago)
- Last Synced: 2025-01-17T22:43:25.327Z (4 months ago)
- Topics: terraform, terraform-module, terraform-module-aws
- Language: HCL
- Homepage:
- Size: 253 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
- Security: SECURITY.md
Awesome Lists containing this project
README
Ben's Terraform AWS Terraform Backend & Apply Users Module
This is how I do it.
Explore the docs »
Report Bug
.
Request Feature
[
](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/graphs/contributors)
[
](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/issues)
[
](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/pulls)
[
](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/actions/workflows/test.yml)
[
](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/actions/workflows/lint.yml)
[
](https://registry.terraform.io/modules/bendoerr-terraform-modules/label/null/latest)
[
](https://securityscorecards.dev/viewer/?uri=github.com/bendoerr-terraform-modules/terraform-aws-tfuser)
[
](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/blob/main/LICENSE.txt)
## About The Project
Ben's Terraform AWS Terraform Backend & Apply Users Module
## Usage
TODO
```terraform
module "context" {
source = "bendoerr-terraform-modules/context/null"
version = "xxx"
namespace = "btm"
role = "production"
region = "us-east-1"
project = "core"
}
module "tfuser" {
source = "bendoerr-terraform-modules/tfuser/aws"
version = "xxx"
context = module.context.shared
}
```
### Cost
There should be no cost associated with this module as it only creates IAM
resources which have no cost.
### Requirements
| Name | Version |
| ------------------------------------------------------------------------ | ------- |
| [terraform](#requirement_terraform) | >= 0.13 |
| [aws](#requirement_aws) | ~> 5.0 |
### Providers
| Name | Version |
| ------------------------------------------------ | ------- |
| [aws](#provider_aws) | 5.30.0 |
### Modules
| Name | Source | Version |
| -------------------------------------------------------------------------------------------------------------- | ------------------------------------- | ------- |
| [label_apply](#module_label_apply) | bendoerr-terraform-modules/label/null | 0.4.1 |
| [label_backend](#module_label_backend) | bendoerr-terraform-modules/label/null | 0.4.1 |
| [label_backend_dynamodb_rw](#module_label_backend_dynamodb_rw) | bendoerr-terraform-modules/label/null | 0.4.1 |
| [label_backend_s3_rw](#module_label_backend_s3_rw) | bendoerr-terraform-modules/label/null | 0.4.1 |
### Resources
| Name | Type |
| --------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| [aws_iam_access_key.apply](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
| [aws_iam_access_key.backend](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
| [aws_iam_policy.apply_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.apply_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.backend_dynamodb_rw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.backend_s3_rw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.apply](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.backend](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.apply_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.apply_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.backend_dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.backend_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_user.apply](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
| [aws_iam_user.backend](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
| [aws_iam_policy_document.apply_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.apply_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.apply_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.backend_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.backend_dynamodb_rw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.backend_s3_rw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_role.apply](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |
| [aws_iam_role.backend](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |
| [aws_iam_user.apply](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_user) | data source |
| [aws_iam_user.backend](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_user) | data source |
### Inputs
| Name | Description | Type | Default | Required |
| --------------------------------------------------------------------- | ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- | :------: |
| [apply_role](#input_apply_role) | n/a |
object({
create = bool
arn = optional(string) # req, if create is false
extra_assume_statements = optional(list(object({
actions = list(string)
principals = object({
type = string
identifiers = list(string)
})
conditions = optional(list(object({
test = string
variable = string
values = list(string)
})))
})))
budgets = optional(bool, false)
dynamodb = optional(bool, false)
ec2_account = optional(bool, false)
ec2_networking = optional(bool, false)
ec2_tags = optional(bool, false)
ecs = optional(bool, false)
efs = optional(bool, false)
iam = optional(bool, false)
kms = optional(bool, false)
lambda = optional(bool, false)
logs = optional(bool, false)
route53 = optional(bool, false)
s3 = optional(bool, false)
sns = optional(bool, false)
ssm_params = optional(bool, false)
}) | n/a | yes |
| [apply_user](#input_apply_user) | n/a | object({
create = bool
name = optional(string) # req, if create is false or invalid
force_destroy = optional(bool) # opt
pgp_key = optional(string) # req if create is true or invalid
}) | n/a | yes |
| [backend_role](#input_backend_role) | n/a | object({
create = bool
arn = optional(string) # opt, if create is false
extra_assume_statements = optional(list(object({
actions = list(string)
principals = object({
type = string
identifiers = list(string)
})
conditions = optional(list(object({
test = string
variable = string
values = list(string)
})))
})))
dynamodb_policy = optional(object({
create = bool
policy_arn = optional(string) # req, if create is false or invalid
table_arn = optional(string) # req, if create is true or invalid
kms_key = optional(string) # opt, if create is true or invalid
}), { create = false })
s3_policy = optional(object({
create = bool
policy_arn = optional(string) # req, if create is false or invalid
bucket_arn = optional(string) # req, if create is true or invalid
kms_key = optional(string) # opt, if create is true or invalid
}), { create = false })
}) | {
"create": false
} | no |
| [backend_user](#input_backend_user) | n/a | object({
create = bool
name = optional(string) # req, if create is false or invalid
force_destroy = optional(bool) # opt
pgp_key = optional(string) # req if create is true or invalid
}) | {
"create": false
} | no |
| [context](#input_context) | Shared Context from Ben's terraform-null-context | object({
attributes = list(string)
dns_namespace = string
environment = string
instance = string
instance_short = string
namespace = string
region = string
region_short = string
role = string
role_short = string
project = string
tags = map(string)
}) | n/a | yes |
### Outputs
| Name | Description |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| [apply_role_arn](#output_apply_role_arn) | n/a |
| [apply_role_name](#output_apply_role_name) | n/a |
| [apply_user_access_key_encrypted_secret](#output_apply_user_access_key_encrypted_secret) | n/a |
| [apply_user_access_key_id](#output_apply_user_access_key_id) | n/a |
| [apply_user_arn](#output_apply_user_arn) | n/a |
| [apply_user_name](#output_apply_user_name) | n/a |
| [apply_user_unique_id](#output_apply_user_unique_id) | n/a |
| [backend_dynamodb_rw_policy_arn](#output_backend_dynamodb_rw_policy_arn) | n/a |
| [backend_role_arn](#output_backend_role_arn) | n/a |
| [backend_role_name](#output_backend_role_name) | n/a |
| [backend_s3_rw_policy_arn](#output_backend_s3_rw_policy_arn) | n/a |
| [backend_user_access_key_encrypted_secret](#output_backend_user_access_key_encrypted_secret) | n/a |
| [backend_user_access_key_id](#output_backend_user_access_key_id) | n/a |
| [backend_user_arn](#output_backend_user_arn) | n/a |
| [backend_user_name](#output_backend_user_name) | n/a |
| [backend_user_unique_id](#output_backend_user_unique_id) | n/a |
## Roadmap
[](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/issues)
See the
[open issues](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/issues)
for a list of proposed features (and known issues).
## Contributing
[](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/pulls)
Contributions are what make the open source community such an amazing place to
be learn, inspire, and create. Any contributions you make are **greatly
appreciated**.
- If you have suggestions for adding or removing projects, feel free to
[open an issue](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/issues/new)
to discuss it, or directly create a pull request after you edit the
_README.md_ file with necessary changes.
- Please make sure you check your spelling and grammar.
- Create individual PR for each suggestion.
### Creating A Pull Request
1. Fork the Project
2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to the Branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request
## License
[](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/blob/main/LICENSE.txt)
Distributed under the MIT License. See
[LICENSE](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/blob/main/LICENSE.txt)
for more information.
## Authors
[](https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/graphs/contributors)
- **Benjamin R. Doerr** - _Terraformer_ -
[Benjamin R. Doerr](https://github.com/bendoerr/) - _Built Ben's Terraform
Modules_
## Supported Versions
Only the latest tagged version is supported.
## Reporting a Vulnerability
See [SECURITY.md](SECURITY.md).
## Acknowledgements
- [ShaanCoding (ReadME Generator)](https://github.com/ShaanCoding/ReadME-Generator)
- [OpenSSF - Helping me follow best practices](https://openssf.org/)
- [StepSecurity - Helping me follow best practices](https://app.stepsecurity.io/)
- [Infracost - Better than AWS Calculator](https://www.infracost.io/)