This project is used to manage IAM user accounts for non-admin users.
All admin users are set up in the
cool-accounts repository
(in the users subdirectory).
Your "users" provider must have AWS permissions to provision users and attach
policies to them. We recommend creating your Users account via the
cool-accounts repository.
-
Create a Terraform workspace (if you haven't already done so) by running
terraform workspace new <workspace_name> -
Create a
<workspace_name>.tfvarsfile with all of the required variables (see Inputs below for details):users = [ "firstname1.lastname1", "firstname2.lastname2", "firstname3.lastname3", ]
-
Run the command
terraform init. -
Run the command
terraform apply -var-file=<workspace_name>.tfvars.
| Name | Version |
|---|---|
| terraform | ~> 1.0 |
| aws | ~> 3.38 |
| Name | Version |
|---|---|
| aws | ~> 3.38 |
| aws.users | ~> 3.38 |
| terraform | n/a |
No modules.
| Name | Type |
|---|---|
| aws_iam_user.users | resource |
| aws_iam_user_policy_attachment.self_managed_creds_with_mfa | resource |
| aws_iam_user_policy_attachment.self_managed_creds_without_mfa | resource |
| aws_caller_identity.current | data source |
| terraform_remote_state.users | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_region | The AWS region where the non-global resources are to be provisioned (e.g. "us-east-1"). | string |
"us-east-1" |
no |
| non_self_admin_users | A list containing the usernames of non-admin users that are not allowed to administer their own accounts. Example: [ "service-account1", "service-account2", "service-account3" ] | list(string) |
[] |
no |
| tags | Tags to apply to all AWS resources created. | map(string) |
{} |
no |
| users | A map whose keys are the usernames of each non-admin user and whose values are a map containing supported user attributes. The only currently-supported attribute is "require_mfa" (boolean). Example: { "firstname1.lastname1" = { "require_mfa" = false }, "firstname2.lastname2" = { "require_mfa" = true }, "firstname3.lastname3" = { "require_mfa" = false } } | map(map(string)) |
n/a | yes |
No outputs.
Running pre-commit requires running terraform init in every directory that
contains Terraform code. In this repository, this is only the main directory.
We welcome contributions! Please see CONTRIBUTING.md for
details.
This project is in the worldwide public domain.
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent