# Wires up the tofu-module-aws-iam-ci-user module and, through the "root"
# provider, creates one extra IAM policy that is attached to the user named
# local.name.
#
# NOTE(review): every statement here allows iam:* and scopes only by resource
# name, with "*" as the account id. iam:* on a role, user or policy includes
# the actions that rewrite that object's permissions, so the resource-name
# scoping is not a privilege limit on its own. If these grants are only
# needed by the module's test suite, prefer an explicit action list and/or a
# permissions-boundary requirement, and keep the target accounts disposable.

locals {
  name = "tofu-module-aws-iam-ci-user"
}

module "aws_iam_ci_user" {
  # NOTE(review): if 1.0.0 is a tag, it can be re-pointed on the remote;
  # pinning ref to a full commit hash gives a stronger guarantee.
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.0.0"

  providers = {
    aws.core  = aws.all["core"]
    aws.root  = aws.all["root"]
    aws.tests = aws.all["tests"]
  }

  name = local.name

  # JSON-encoded statement lists handed to the module. How the module uses
  # them is not visible here; presumably one policy per account, TODO confirm.
  core_policy_statements = jsonencode([
    {
      Effect   = "Allow"
      Action   = "iam:*"
      Resource = "arn:aws:iam::*:role/tftest"
    },
  ])

  tests_policy_statements = jsonencode([
    {
      Effect   = "Allow"
      Action   = "iam:*"
      Resource = "arn:aws:iam::*:role/tftest"
    },
  ])
}

resource "aws_iam_policy" "tftest" {
  provider = aws.all["root"]

  name = "${local.name}-tftest"

  # NOTE(review): the second Resource entry matches this policy's own name
  # ("${local.name}-tftest"). Because the policy is attached to local.name
  # below, that user is allowed iam:* on the very policy that defines its
  # permissions and could widen them. If the entry is meant for a fixture the
  # tests create, give that fixture a different name, or narrow Action.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = "iam:*"
        Resource = [
          "arn:aws:iam::*:user/tftest",
          "arn:aws:iam::*:policy/${local.name}-tftest",
        ]
      },
    ]
  })
}

resource "aws_iam_user_policy_attachment" "tftest" {
  provider = aws.all["root"]

  # NOTE(review): user is a plain string, so there is no implicit dependency
  # on module.aws_iam_ci_user. If the module is what creates this user,
  # confirm the apply ordering (module output or depends_on).
  user       = local.name
  policy_arn = aws_iam_policy.tftest.arn
}