# AWS IAM user

This module creates and manages an IAM user in an AWS account with an IAM access
key. It is designed to work together with my [tofu module for IAM
roles](https://git.adyxax.org/adyxax/tofu-module-aws-iam-role).

It provides a default set of policies allowing my Forgejo workflows to run tests
and continuous integration tasks on AWS.

## Usage example

``` hcl
module "aws_iam_user" {
  # Pinned to the 1.0.0 ref and fetched as a shallow clone.
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-user?depth=1&ref=1.0.0"

  # AWS sub-accounts in which the user is allowed to assume roles.
  assume_role_account_names = ["core", "tests"]
  name                      = local.name
}
```

## Policies

The IAM user is granted the following permissions on the AWS account:

- Assume roles in AWS sub-accounts specified by the
  `var.assume_role_account_names` list.
- Manage the repository's own IAM access key.
- Read the user IAM object.