Badges

IAM Module

This Terraform module creates an IAM group and associated IAM users with login profiles, an IAM role for EC2 instances, and IAM policies for EC2 and ECR management.

Usage

1. Install and configure Terraform on your local machine.
2. Provide your AWS access key and secret key in the provider.tf file.
3. Modify the variables in the variable.tf file to customize the IAM group and user configurations.
4. Run terraform init to initialize the Terraform configuration.
5. Run terraform apply to create the IAM resources.

Module Inputs

The module accepts the following input variables:

• iam_group_name: Name of the IAM group.
• user_names: List of user names to create.
• password_length: Length of generated passwords for IAM users.
• password_reset_required: Whether password reset is required for IAM users.
• ec2_role_name: Name of the IAM role for EC2 instances.
• ec2_role_assume_role_policy: Assume role policy document for EC2 role.
• ec2_policy_name: Name of the IAM policy for EC2 instance management.
• ec2_policy_description: Description of the IAM policy for EC2 instance management.
• ec2_policy: Policy document for the IAM policy for EC2 instance management.
• admin_policy_name: Name of the administrative IAM policy.
• admin_policy_description: Description of the administrative IAM policy.
• admin_policy: Policy document for the administrative IAM policy.
• ecr_policy_name: Name of the IAM policy for ECR repository management.
• ecr_policy_description: Description of the IAM policy for ECR repository management.
• ecr_policy: Policy document for the IAM policy for ECR repository management.

Outputs

The module provides the following output:

• user_passwords: A map of user names to their generated passwords.

Inputs

Name	Description	Type	Default	Required
admin_policy	Policy document for the administrative IAM policy	string	"{\r\n \"Version\": \"2012-10-17\",\r\n \"Statement\": [\r\n {\r\n \"Effect\": \"Allow\",\r\n \"Action\": \"*\",\r\n \"Resource\": \"*\"\r\n }\r\n ]\r\n}\r\n"	no
admin_policy_description	Description of the administrative IAM policy	string	n/a	yes
admin_policy_name	Name of the administrative IAM policy	string	n/a	yes
ec2_policy	Policy document for the IAM policy for EC2 instance management	string	"{\r\n \"Version\": \"2012-10-17\",\r\n \"Statement\": [\r\n {\r\n \"Effect\": \"Allow\",\r\n \"Action\": [\r\n \"ec2:*\"\r\n ],\r\n \"Resource\": \"*\",\r\n \"Condition\": {\r\n \"StringEquals\": {\r\n \"aws:RequestedRegion\": \"ap-southeast-1\"\r\n }\r\n }\r\n },\r\n {\r\n \"Effect\": \"Deny\",\r\n \"Action\": \"ec2:*\",\r\n \"Resource\": \"*\",\r\n \"Condition\": {\r\n \"ForAnyValue:StringNotLike\": {\r\n \"ec2:InstanceType\": [\r\n \"t2.micro\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n}\r\n"	no
ec2_policy_description	Description of the IAM policy for EC2 instance management	string	n/a	yes
ec2_policy_name	Name of the IAM policy for EC2 instance management	string	n/a	yes
ec2_role_assume_role_policy	Assume role policy document for EC2 role	string	"{\r\n \"Version\": \"2012-10-17\",\r\n \"Statement\": [\r\n {\r\n \"Sid\": \"\",\r\n \"Effect\": \"Allow\",\r\n \"Principal\": {\r\n \"AWS\": \"*\"\r\n },\r\n \"Action\": \"sts:AssumeRole\"\r\n }\r\n ]\r\n}\r\n"	no
ec2_role_name	Name of the IAM role for EC2 instances	string	n/a	yes
ecr_policy	Policy document for the IAM policy for ECR repository management	string	"{\r\n \"Version\": \"2012-10-17\",\r\n \"Statement\": [\r\n {\r\n \"Sid\": \"AllowECR\",\r\n \"Effect\": \"Allow\",\r\n \"Action\": \"ecr:*\",\r\n \"Resource\": \"*\"\r\n }\r\n ]\r\n}\r\n"	no
ecr_policy_description	Description of the IAM policy for ECR repository management	string	n/a	yes
ecr_policy_name	Name of the IAM policy for ECR repository management	string	n/a	yes
iam_group_name	Name of the IAM group	string	n/a	yes
password_length	Length of generated passwords for IAM users	number	n/a	yes
password_reset_required	Whether password reset is required for IAM users	bool	n/a	yes
user_names	List of user names	list(string)	n/a	yes

Outputs

Name	Description
user_passwords	Output the user passwords as a map

IAM Policies and Attachments

This repository contains Terraform configuration files to create an infrastructure setup with IAM policies and attachments. Here's an overview of the IAM policies and their attachments:

EC2 Policy

• Name: ec2-policy
• Description: This policy is used for EC2 instance management.
• Policy: The policy is defined by the variable var.ec2_policy.

Admin Policy

• Name: admin-policy
• Description: This policy grants administrative privileges.
• Policy: The policy is defined by the variable var.admin_policy.

ECR Policy

• Name: ecr-policy
• Description: This policy is used for ECR repository management.
• Policy: The policy is defined by the variable var.ecr_policy.

Policy Attachments

EC2 Policy Attachment

• Attached to: IAM Group autoscaleupinfra
• Policy ARN: aws_iam_policy.ec2_policy.arn

Admin Policy Attachment

• Attached to: IAM Group autoscaleupinfra
• Policy ARN: aws_iam_policy.admin_policy.arn

ECR Policy Attachment

• Attached to: IAM Role ec2-role
• Policy ARN: aws_iam_policy.ecr_policy.arn

You can find the corresponding Terraform configuration in the provided .tf file.

Resources

Name	Type
aws_iam_group.my_group	resource
aws_iam_group_policy_attachment.admin_policy_attachment	resource
aws_iam_group_policy_attachment.ec2_policy_attachment	resource
aws_iam_policy.admin_policy	resource
aws_iam_policy.ec2_policy	resource
aws_iam_policy.ecr_policy	resource
aws_iam_role.ec2_role	resource
aws_iam_role_policy_attachment.ecr_policy_attachment	resource
aws_iam_user.my_users	resource
aws_iam_user_group_membership.ec2_policy_group_membership	resource
aws_iam_user_login_profile.my_users_login_profile	resource

Dependencies

This module has the following dependencies:

• Terraform version 0.12 or later.
• AWS provider version 3.0 or later.

Providers

Name	Version
aws	3.0

Run Locally

Clone the project

  git clone https://github.com/ScaleupInfra/terraform-aws-s3-bucket.git

Go to the project directory

  cd terraform-aws-s3-bucket
  teraform init
  terraform plan 
  teraform apply -auto-approve

Destroy Infrastructrre dependencies

  terraform destroy -auto-approve

If the created IAM users after terraform apply want to log in to their IAM account, follow these step-by-step instructions:

1. Open your preferred web browser and go to the AWS Management Console login page: https://console.aws.amazon.com/.

2. Enter the IAM user's AWS account ID or alias. This information is typically provided by your AWS administrator or can be found in your account details. For Example - 782342199264

3. Enter your IAM user name.

4. In the "Password" field, enter the password associated with your IAM user account. Note that the password is case-sensitive.

5. Click on the "Sign In" button to proceed.

6. If the provided information is correct, and your IAM user account is properly configured, you will be redirected to the AWS Management Console dashboard, where you can access various AWS services and resources.

🔗 Links

Contributing

Contributions are always welcome!

If you find any issues or have suggestions for improvements, please open an issue or submit a pull request.

See contributing.md for ways to get started.

Please adhere to this project's code of conduct.

Support

Come join our Open Source Community on Slack. It's completely FREE! Our community is the perfect platform for infrastructure enthusiasts like you. Engage in discussions, seek advice, share your ideas, and collaborate with fellow community members to build scalable and robust infrastructure solutions. Don't miss out on this opportunity to be a part of our thriving community!