# Per-client settings. The "name" key feeds the IAM group name and the S3
# bucket name, and the "region" key is passed to the bucket resource.
# NOTE(review): the legacy bare `map` type does not constrain the element type;
# an object({ name = string, region = string }) type would reject malformed input
# at plan time instead of at apply time.
variable "client" {
  description = "Client descriptor; expects the keys \"name\" and \"region\"."
  type        = map
}
# IAM user names to provision for the client. Every entry becomes one
# aws_iam_user and one aws_iam_access_key (both indexed by position in this list).
variable "users" {
  description = "IAM user names to create for the client, one access key each."
  type        = list(string)
}
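# Attach the client bucket policy document to the client group as an inline
# group policy, so permissions are granted via group membership rather than
# per user. The policy name is derived from the group name so each client's
# policy is distinct and easy to identify in the IAM console.
resource "aws_iam_group_policy" "client_bucket" {
  # Typo fix: the name previously read "...-bucket=policy". `name` forces
  # replacement, so applying this recreates the inline policy; the group is
  # briefly without it during the apply.
  name   = "${aws_iam_group.client.name}-bucket-policy"
  group  = aws_iam_group.client.name
  policy = data.aws_iam_policy_document.client_bucket.json
}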
# IAM group for the client, named after the client. The client bucket policy
# is attached to this group, so a user only receives bucket access once they
# are made a member of it.
resource "aws_iam_group" "client" {
  name = var.client.name
}
# One IAM user per entry of var.users, addressed by list position. Because the
# instances are keyed by index, deleting or reordering an entry shifts every
# later index and Terraform will destroy and recreate those users together with
# their access keys; for_each keyed on the user name would avoid that, at the
# cost of changing the resource addresses.
# NOTE(review): no aws_iam_user_group_membership / aws_iam_group_membership
# resource is visible in this gist - confirm the users are actually added to
# aws_iam_group.client, otherwise the group policy grants them nothing.
resource "aws_iam_user" "client" {
  count = length(var.users)
  # Same value as element(var.users, count.index) for every in-range index.
  name  = var.users[count.index]
}
# One long-lived access key for each client user, paired by index with
# aws_iam_user.client.
# Security: with no pgp_key set, the secret access key is stored in Terraform
# state in plaintext (and is readable via `terraform show` or any output that
# exposes it). Keep the state backend encrypted and access-restricted, or set
# pgp_key so only encrypted_secret is persisted.
resource "aws_iam_access_key" "client" {
  count = length(var.users)
  # Same user as element(aws_iam_user.client, count.index).name.
  user  = aws_iam_user.client[count.index].name
}
resource "aws_s3_bucket" "client_bucket" {
bucket = sha1(format("my_super_secret_key:%s", var.client.name))
region = var.client.region
acl = "private"
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
# Example values for one client deployment.

# "name" drives the IAM group name and the bucket name; "region" is the
# bucket's region.
client = {
  name   = "test-client"
  region = "eu-west-2"
}

# Every entry becomes an IAM user with its own access key.
users = ["alice", "bob", "charlie"]
# Inline policy attached directly to the test_client user, built from the
# test_client policy document (its first visible statement grants
# s3:ListBucket and s3:GetBucketLocation on the test bucket only).
# Inline user policies are not shareable and are harder to audit than a
# managed policy attached to a group, but behave the same for a single user.
resource "aws_iam_user_policy" "test_client" {
  name   = "test_policy"
  user   = aws_iam_user.test_client.name
  policy = data.aws_iam_policy_document.test_client.json
}
data "aws_iam_policy_document" "test_client" {
statement {
actions = [
"s3:ListBucket",
"s3:GetBucketLocation"
]
resources = [aws_s3_bucket.test_client_bucket.arn]
}
statement {
actions = [
# Long-lived access key for the test_client user.
# Security: no pgp_key is set, so the secret access key lands in Terraform
# state in plaintext; treat the state file as a secret (encrypted backend,
# restricted access) or set pgp_key so only encrypted_secret is stored.
resource "aws_iam_access_key" "test_client" {
  user = aws_iam_user.test_client.name
}
# Access key for the test_client user (same definition appears once more in
# this gist; if both copies live in the same module Terraform rejects the
# duplicate resource address - presumably they are separate files).
# Security: the secret key is persisted in Terraform state in plaintext unless
# pgp_key is set; protect the state backend accordingly.
resource "aws_iam_access_key" "test_client" {
  user = aws_iam_user.test_client.name
}