iam-system-user
cloudposse/iam-system-user/aws
Terraform Module to Provision a Basic IAM System User Suitable for CI/CD Systems (E.g. TravisCI, CircleCI)
terraform-aws-iam-system-user

Terraform Module to provision a basic IAM system user suitable for CI/CD Systems (_e.g._ TravisCI, CircleCI) or systems which are external to AWS that cannot leverage AWS IAM Instance Profiles or AWS OIDC. We do not recommend creating IAM users this way for any other purpose.

By default, IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. This module intentionally attaches an IAM policy directly to the user and does not use groups.

The IAM user name is constructed using terraform-null-label and some input is required. The simplest input is `name`. By default the name will be con
| Name | Type | Description | Default |
|---|---|---|---|
| tenant | string | ID element _(Rarely used, not included by default)_. A customer identifier, indi | null |
| environment | string | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'st | null |
| inline_policies | list(string) | Inline policies to attach to our created user | [] |
| policy_arns_map | map(string) | Policy ARNs to attach (descriptive key => arn) | {} |
| enabled | bool | Set to false to prevent the module from creating any resources | null |
| tags | map(string) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the t | {} |
| inline_policies_map | map(string) | Inline policies to attach (descriptive key => policy) | {} |
| policy_arns | list(string) | Policy ARNs to attach to our created user | [] |
| ssm_ses_smtp_password_enabled | bool | Whether or not to create an SES SMTP password | false |
| ssm_base_path | string | The base path for SSM parameters where secrets are stored | "/system_user/" |
| context | any | Single object for setting entire context at once. See description of individual | { "additional_tag_map": {}, "attribu |
| namespace | string | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp' | null |
| attributes | list(string) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, | [] |
| label_order | list(string) | The order in which the labels (ID elements) appear in the `id`. Defaults to ["na | null |
| label_value_case | string | Controls the letter case of ID elements (labels) as included in `id`, set as tag | null |
| labels_as_tags | set(string) | Set of labels (ID elements) to include as tags in the `tags` output. Default is | ["default"] |
| descriptor_formats | any | Describe additional descriptors to be output in the `descriptors` output map. Ma | {} |
| force_destroy | bool | Destroy the user even if it has non-Terraform-managed IAM access keys, login pro | false |
| ssm_enabled | bool | Set `true` to store secrets in SSM Parameter Store, `false` to store secrets in | true |
| stage | string | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'bu | null |
user_name — Normalized IAM user name

ssm_enabled — `true` when secrets are stored in SSM Parameter store, `false` when secrets are stored in Terraform

access_key_id — The access key ID

ses_smtp_password_v4 — When `ssm_enabled` is false, this is the secret access key converted into an SES SMTP password by ap

secret_access_key_ssm_path — The SSM Path under which the IAM User's secret access key is stored

ses_smtp_password_v4_ssm_path — The SSM Path under which the IAM User's SES SMTP password is stored

user_arn — The ARN assigned by AWS for this user

user_unique_id — The unique ID assigned by AWS

secret_access_key — When `ssm_enabled` is `false`, this is the secret access key for the IAM user. This will be written

access_key_id_ssm_path — The SSM Path under which the IAM User's access key ID is stored
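
The following is an added example, not taken from the module's own documentation. It calls the module with a narrowly scoped inline policy and keeps the credentials in SSM Parameter Store, using only inputs and outputs listed on this page. The bucket name, key prefix, label values and output names are assumptions.

```hcl
# Added example, not the module's own code.
# Bucket name, prefix and label values are placeholders (assumptions).

data "aws_iam_policy_document" "ci_artifacts" {
  # Allow listing only the prefix the CI job actually uses.
  statement {
    sid       = "ListArtifactPrefix"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-ci-artifacts"]

    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["builds/*"]
    }
  }

  # Object access is limited to that same prefix; no delete, no wildcard actions.
  statement {
    sid       = "ReadWriteArtifacts"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::example-ci-artifacts/builds/*"]
  }
}

module "ci_user" {
  source = "cloudposse/iam-system-user/aws"
  # version = "x.y.z"  # placeholder: pin to a release you have reviewed

  namespace = "eg"
  stage     = "prod"
  name      = "ci"

  # Descriptive key => policy JSON, attached directly to the user.
  inline_policies_map = {
    artifacts = data.aws_iam_policy_document.ci_artifacts.json
  }

  ssm_enabled   = true             # module default, stated explicitly
  ssm_base_path = "/system_user/"  # module default
  force_destroy = false            # do not delete a user that has unmanaged keys
}

# Expose only the SSM paths, not the key material itself.
output "ci_access_key_id_ssm_path" { value = module.ci_user.access_key_id_ssm_path }
output "ci_secret_access_key_ssm_path" { value = module.ci_user.secret_access_key_ssm_path }
```

The CI system then reads the two parameters at those paths at run time, so access to the key is governed by IAM permissions on the SSM parameters.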