# AWS IAM user

This module creates and manages an IAM user in an AWS account with an IAM access
key. It works conjointly with my [tofu module for IAM
roles](https://git.adyxax.org/adyxax/tofu-module-aws-iam-role).

It provides a default set of policies allowing my Forgejo workflows to run tests
and continuous integration tasks on AWS.

## Usage example

``` hcl
module "aws_iam_user" {
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-user?depth=1&ref=1.0.0"

  assume_role_account_names = [ "core", "tests" ]
  name                      = local.name
}
```

## Policies

The IAM user is granted the following permissions on the AWS account:
- Assume roles in AWS sub-accounts specified by the
  `var.assume_role_account_names` list.
- Manage the repository's own IAM access key.
- Read the user IAM object.