https://github.com/mineiros-io/terraform-aws-iam-user
A Terraform module to create and manage Identity and Access Management (IAM) Users on Amazon Web Services (AWS). https://aws.amazon.com/iam
https://github.com/mineiros-io/terraform-aws-iam-user
amazon-web-services aws iac iam mineiros terraform terraform-aws terraform-modules user
Last synced: 3 months ago
JSON representation
A Terraform module to create and manage Identity and Access Management (IAM) Users on Amazon Web Services (AWS). https://aws.amazon.com/iam
- Host: GitHub
- URL: https://github.com/mineiros-io/terraform-aws-iam-user
- Owner: mineiros-io
- License: apache-2.0
- Created: 2020-05-03T20:11:29.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2022-04-06T12:40:49.000Z (over 3 years ago)
- Last Synced: 2025-03-27T22:22:40.381Z (3 months ago)
- Topics: amazon-web-services, aws, iac, iam, mineiros, terraform, terraform-aws, terraform-modules, user
- Language: HCL
- Homepage:
- Size: 210 KB
- Stars: 20
- Watchers: 7
- Forks: 12
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
[
](https://mineiros.io/?ref=terraform-aws-iam-user)
[](https://github.com/mineiros-io/terraform-aws-iam-user/actions)
[](https://github.com/mineiros-io/terraform-aws-iam-user/releases)
[](https://github.com/hashicorp/terraform/releases)
[](https://github.com/terraform-providers/terraform-provider-aws/releases)
[](https://mineiros.io/slack)# terraform-aws-iam-user
A [Terraform](https://www.terraform.io) base module for deploying and managing
[IAM Users][IAM-User-Docs] on [Amazon Web Services][AWS].***This module supports Terraform v1.x, v0.15, v0.14, v0.13 as well as v0.12.20 and above
and is compatible with the terraform AWS provider v3 as well as v2.0 and above.***- [Module Features](#module-features)
- [Getting Started](#getting-started)
- [Module Argument Reference](#module-argument-reference)
- [Module Configuration](#module-configuration)
- [Top-level Arguments](#top-level-arguments)
- [Main Resource Configuration](#main-resource-configuration)
- [Extended Resource configuration](#extended-resource-configuration)
- [Custom & Managed Policies](#custom--managed-policies)
- [Inline Policy](#inline-policy)
- [Module Outputs](#module-outputs)
- [External Documentation](#external-documentation)
- [AWS Documentation IAM](#aws-documentation-iam)
- [Terraform AWS Provider Documentation](#terraform-aws-provider-documentation)
- [Module Versioning](#module-versioning)
- [Backwards compatibility in `0.0.z` and `0.y.z` version](#backwards-compatibility-in-00z-and-0yz-version)
- [About Mineiros](#about-mineiros)
- [Reporting Issues](#reporting-issues)
- [Contributing](#contributing)
- [Makefile Targets](#makefile-targets)
- [License](#license)## Module Features
In contrast to the plain `aws_iam_user` resource, this module has extended features allowing you
to add custom & managed IAM and/or inline policies and adding user to groups.
While all security features can be disabled as needed, best practices
are pre-configured.- **Standard Module Features**:
Add IAM users
- **Extended Module Features**:
Attach custom & managed IAM policies,
attach an inline policy,
add users to a set of groups## Getting Started
Most basic usage showing how to add three users and assigning two policies:
```hcl
module "iam-users" {
source = "mineiros-io/iam-user/aws"
version = "~> 0.5.0"names = [
"user.one",
"user.two",
"user.three",
]policy_arns = [
"arn:aws:iam::aws:policy/ReadOnlyAccess",
"arn:aws:iam::aws:policy/job-function/Billing",
]
}
```## Module Argument Reference
See
[variables.tf]
and
[examples]
for details and use-cases.### Module Configuration
- [**`module_enabled`**](#var-module_enabled): *(Optional `bool`)*
Specifies whether resources in the module will be created.
Default is `true`.
- [**`module_depends_on`**](#var-module_depends_on): *(Optional `set(any)`)*
A set of dependencies. Any object can be assigned to this list to define a hidden external dependency.
### Top-level Arguments
#### Main Resource Configuration
- [**`names`**](#var-names): *(**Required** `set(string)`)*
A set of names of IAM users that will be created. Forces new resource.
- [**`groups`**](#var-groups): *(Optional `set(string)`)*
A set of IAM groups to add the user(s) to.
Default is `[]`.
- [**`force_destroy`**](#var-force_destroy): *(Optional `bool`)*
When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed.
Default is `false`.
- [**`path`**](#var-path): *(Optional `string`)*
The path in which to create the user(s). See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) for more information.
Default is `"/"`.
- [**`permissions_boundary`**](#var-permissions_boundary): *(Optional `string`)*
The ARN of the policy that is used to set the permissions boundary for the user.
Default is not to set any boundary.- [**`tags`**](#var-tags): *(Optional `map(string)`)*
Key-value map of tags for the IAM user.
Default is `{}`.
#### Extended Resource configuration
##### Custom & Managed Policies
- [**`policy_arns`**](#var-policy_arns): *(Optional `list(string)`)*
List of custom or managed IAM policy ARNs to attach to the user.
Default is `[]`.
##### Inline Policy
- [**`policy_statements`**](#var-policy_statements): *(Optional `list(statement)`)*
List of IAM policy statements to attach to the user as an inline policy.
Default is `[]`.
Example:
```hcl
policy_statements = [
{
sid = "FullS3Access"effect = "Allow"
actions = ["s3:*"]
not_actions = []resources = ["*"]
not_resources = []conditions = [
{
test = "Bool"
variable = "aws:MultiFactorAuthPresent"
values = ["true"]
}
]
}
]
```## Module Outputs
The following attributes are exported by the module:
- [**`users`**](#output-users): *(`list(user)`)*
The `aws_iam_user` object(s).
- [**`user_policy`**](#output-user_policy): *(`object(user_policy)`)*
The `aws_iam_user_policy` object(s).
- [**`user_policy_attachment`**](#output-user_policy_attachment): *(`object(user_policy_attachment)`)*
The `aws_iam_user_policy_attachment` object(s).
- [**`names`**](#output-names): *(`set(string)`)*
The user names.
- [**`path`**](#output-path): *(`string`)*
Path in which to create the user.
- [**`permissions_boundary`**](#output-permissions_boundary): *(`string`)*
The ARN of the policy that is used to set the permissions boundary for
the user.- [**`force_destroy`**](#output-force_destroy): *(`bool`)*
When destroying this user, destroy even if it has non-Terraform-managed
IAM access keys, login profile or MFA devices.- [**`tags`**](#output-tags): *(`map(string)`)*
Key-value map of tags for the IAM user.
- [**`policy_statements`**](#output-policy_statements): *(`list(policy_statement)`)*
List of IAM policy statements to attach to the User as an inline policy.
- [**`policy_arns`**](#output-policy_arns): *(`set(string)`)*
Set of IAM custom or managed policies ARNs attached to the User.
- [**`groups`**](#output-groups): *(`list(string)`)*
List of IAM groups the users were added to.
## External Documentation
### AWS Documentation IAM
- User: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
- Policies: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html### Terraform AWS Provider Documentation
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_group_membership## Module Versioning
This Module follows the principles of [Semantic Versioning (SemVer)].
Given a version number `MAJOR.MINOR.PATCH`, we increment the:
1. `MAJOR` version when we make incompatible changes,
2. `MINOR` version when we add functionality in a backwards compatible manner, and
3. `PATCH` version when we make backwards compatible bug fixes.### Backwards compatibility in `0.0.z` and `0.y.z` version
- Backwards compatibility in versions `0.0.z` is **not guaranteed** when `z` is increased. (Initial development)
- Backwards compatibility in versions `0.y.z` is **not guaranteed** when `y` is increased. (Pre-release)## About Mineiros
Mineiros is a [DevOps as a Service][homepage] company based in Berlin, Germany.
We offer commercial support for all of our projects and encourage you to reach out
if you have any questions or need help. Feel free to send us an email at [[email protected]] or join our [Community Slack channel][slack].We can also help you with:
- Terraform modules for all types of infrastructure such as VPCs, Docker clusters, databases, logging and monitoring, CI, etc.
- Consulting & training on AWS, Terraform and DevOps## Reporting Issues
We use GitHub [Issues] to track community reported issues and missing features.
## Contributing
Contributions are always encouraged and welcome! For the process of accepting changes, we use
[Pull Requests]. If you'd like more information, please see our [Contribution Guidelines].## Makefile Targets
This repository comes with a handy [Makefile].
Run `make help` to see details on each available target.## License
[![license][badge-license]][apache20]
This module is licensed under the Apache License Version 2.0, January 2004.
Please see [LICENSE] for full details.Copyright © 2020-2022 [Mineiros GmbH][homepage]
[homepage]: https://mineiros.io/?ref=terraform-aws-iam-user
[[email protected]]: mailto:[email protected]
[badge-build]: https://github.com/mineiros-io/terraform-aws-iam-user/workflows/CI/CD%20Pipeline/badge.svg
[badge-semver]: https://img.shields.io/github/v/tag/mineiros-io/terraform-aws-iam-user.svg?label=latest&sort=semver
[badge-license]: https://img.shields.io/badge/license-Apache%202.0-brightgreen.svg
[badge-terraform]: https://img.shields.io/badge/terraform-1.x%20|%200.15%20|%200.14%20|%200.13%20|%200.12.20+-623CE4.svg?logo=terraform
[badge-slack]: https://img.shields.io/badge/[email protected]?logo=slack
[badge-tf-aws]: https://img.shields.io/badge/AWS-3%20and%202.0+-F8991D.svg?logo=terraform
[releases-aws-provider]: https://github.com/terraform-providers/terraform-provider-aws/releases
[build-status]: https://github.com/mineiros-io/terraform-aws-iam-user/actions
[releases-github]: https://github.com/mineiros-io/terraform-aws-iam-user/releases
[releases-terraform]: https://github.com/hashicorp/terraform/releases
[apache20]: https://opensource.org/licenses/Apache-2.0
[slack]: https://join.slack.com/t/mineiros-community/shared_invite/zt-ehidestg-aLGoIENLVs6tvwJ11w9WGg
[Terraform]: https://www.terraform.io
[AWS]: https://aws.amazon.com/
[IAM-User-Docs]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
[Semantic Versioning (SemVer)]: https://semver.org/
[examples/example/main.tf]: https://github.com/mineiros-io/terraform-aws-iam-user/blob/master/examples/example/main.tf
[variables.tf]: https://github.com/mineiros-io/terraform-aws-iam-user/blob/master/variables.tf
[examples/]: https://github.com/mineiros-io/terraform-aws-iam-user/blob/master/examples
[Issues]: https://github.com/mineiros-io/terraform-aws-iam-user/issues
[LICENSE]: https://github.com/mineiros-io/terraform-aws-iam-user/blob/master/LICENSE
[Makefile]: https://github.com/mineiros-io/terraform-aws-iam-user/blob/master/Makefile
[Pull Requests]: https://github.com/mineiros-io/terraform-aws-iam-user/pulls
[Contribution Guidelines]: https://github.com/mineiros-io/terraform-aws-iam-user/blob/master/CONTRIBUTING.md