Skip to content

Latest commit

 

History

History
 
 

groups

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
data
data
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
terraform.tfvars
terraform.tfvars
 
 
variables.tf
variables.tf
 
 

README.md

Groups

This example creates policies and various different groups.

Overview

You can define as many groups as desired and reference them by their names in var.users in order to attach as many groups to a specific user as needed.

  • When using the policies key, respective policies must be defined in var.policies.

Examples

Note: The following example only shows the creation of a single group. You can however create as many groups as desired. Also re-arranging them within the list will not trigger terraform to change or destroy resources as they're internally stored in a map (rather than a list) by their group names as keys (See module's locals.tf for transformation).

Groups are defined as follows:

terraform.tfvars

groups = [
  {
    name       = "group-name" # Name of the group (reference this in var.users for attachment)
    path       = "/path/"     # Defaults to 'var.group_path' if variable is set to null
    policies   = [
      "policy-name-1",        # policy-name-1 must be defined in var.policies
      "policy-name-2",        # policy-name-2 must be defined in var.policies
    ]
    policy_arns = [           # Attach policies by ARN
      "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
      "arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess",
    ]
    inline_policies = [       # Attach inline policies defined via JSON files
      {
        name = "inline-policy-1"
        file = "data/policies/kms-ro.json"
        vars = {}
      },
      {
        name = "inline-policy-2"
        file = "data/policies/sqs-ro.json.tmpl"
        vars = {  # You can use variables inside JSON files
          var1 = "Some value",
          var2 = "Another value",
        }
      },
    ]
  },
]

If you want to attach dynamic policies created via aws_iam_policy_document. Have a look at this Example.

Usage

To run this example you need to execute:

$ terraform init
$ terraform plan
$ terraform apply

Note that this example may create resources which cost money. Run terraform destroy when you don't need these resources.

Requirements

No requirements.

Providers

No provider.

Inputs

Name Description Type Default Required
policies A list of dictionaries defining all policies. 
list(object({
    name = string      # Name of the policy
    path = string      # Defaults to 'var.policy_path' if variable is set to null
    desc = string      # Defaults to 'var.policy_desc' if variable is set to null
    file = string      # Path to json or json.tmpl file of policy
    vars = map(string) # Policy template variables {key: val, ...}
  }))
 [] no
groups A list of dictionaries defining all groups. 
list(object({
    name        = string       # Name of the group
    path        = string       # Defaults to 'var.group_path' if variable is set to null
    policies    = list(string) # List of names of policies (must be defined in var.policies)
    policy_arns = list(string) # List of existing policy ARN's
    inline_policies = list(object({
      name = string      # Name of the inline policy
      file = string      # Path to json or json.tmpl file of policy
      vars = map(string) # Policy template variables {key = val, ...}
    }))
  }))
 [] no

Outputs

Name Description
policies Created customer managed IAM policies
groups Created groups