feat(module): initial import

2025-04-10 12:37:36 +02:00 · 2025-04-10 12:37:36 +02:00 · a046131bd2
commit a046131bd2
8 changed files with 415 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,27 @@
+# AWS IAM user
+
+This module creates and manages an IAM user in an AWS account with an IAM access
+key. It works conjointly with my [tofu module for IAM
+roles](https://git.adyxax.org/adyxax/tofu-module-aws-iam-role).
+
+It provides a default set of policies allowing my Forgejo workflows to run tests
+and continuous integration tasks on AWS.
+
+## Usage example
+
+``` hcl
+module "aws_iam_user" {
+  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-user?depth=1&ref=1.0.0"
+
+  assume_role_account_names = [ "core", "tests" ]
+  name                      = local.name
+}
+```
+
+## Policies
+
+The IAM user is granted the following permissions on the AWS account:
+- Assume roles in AWS sub-accounts specified by the
+  `var.assume_role_account_names` list.
+- Manage the repository's own IAM access key.
+- Read the user IAM object.