# Base name reused by the module call, the policy name and the policy
# attachment further down in this file.
locals {
  name = "tofu-module-aws-iam-ci-user"
}
# Calls the CI-user module with the core, root and tests provider
# configurations and one JSON-encoded statement list for core and for tests.
# How the module consumes these inputs is not visible in this file.
module "aws_iam_ci_user" {
  # NOTE(review): ref=1.0.0 is a git tag, and tags can be moved after
  # publication. With depth=1 the ref must be a named branch or tag, so
  # pinning to a commit id would mean dropping the depth argument.
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.0.0"

  providers = {
    aws.core  = aws.all["core"]
    aws.root  = aws.all["root"]
    aws.tests = aws.all["tests"]
  }

  name = local.name

  # NOTE(review): "iam:*" covers every IAM action and the account field of
  # the ARN is a wildcard, so the role name "tftest" is the only scoping.
  # Confirm whether the tests need the full action set on that role.
  core_policy_statements = jsonencode([{
    Effect   = "Allow"
    Action   = "iam:*"
    Resource = "arn:aws:iam::*:role/tftest"
  }])

  # Same statement as core_policy_statements, supplied for the tests input.
  tests_policy_statements = jsonencode([{
    Effect   = "Allow"
    Action   = "iam:*"
    Resource = "arn:aws:iam::*:role/tftest"
  }])
}
# Managed policy created through the root provider configuration. It allows
# every IAM action on a user named "tftest" and on a policy named
# "${local.name}-tftest", in any account id.
resource "aws_iam_policy" "tftest" {
  provider = aws.all["root"]

  name = "${local.name}-tftest"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = "iam:*"
      # NOTE(review): the second pattern resolves to the same name as this
      # policy, and this policy is attached to the user local.name later in
      # the file, so that user holds iam:* on the policy that governs it.
      # If the tests only manage a fixture policy, a distinct fixture name
      # or a narrower Action list would keep the principal from editing its
      # own permissions. Confirm against what the test suite requires.
      Resource = [
        "arn:aws:iam::*:user/tftest",
        "arn:aws:iam::*:policy/${local.name}-tftest",
      ]
    }]
  })
}
# Attaches aws_iam_policy.tftest to the IAM user named local.name, using the
# root provider configuration.
resource "aws_iam_user_policy_attachment" "tftest" {
  provider = aws.all["root"]

  # NOTE(review): the user is given by name rather than through a module
  # output, so this resource has no implicit dependency on
  # module.aws_iam_ci_user. If that module is what creates the user, confirm
  # that ordering is guaranteed on a first apply.
  user       = local.name
  policy_arn = aws_iam_policy.tftest.arn
}