Getting Started With Terraform Blog Post
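# IAM role used by the getting-started example.
#
# assume_role_policy is the role's TRUST policy: it states which principal may
# call sts:AssumeRole. The document that used to sit here was a permissions
# policy ("ec2:Describe*" on Resource "*", no Principal); IAM rejects that
# shape as a trust policy, so the role could not be created. The permissions
# now live in the inline role policy below.
resource "aws_iam_role" "role" {
  name = "terraform-test-${var.env}-iam-role-for-${var.username}"

  # NOTE(review): the intended trusted principal is not stated anywhere in
  # this example. The EC2 service principal is an assumption; confirm it and
  # keep the principal as narrow as the use case allows.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      }
    ]
  })

  tags = var.tags
}

# Permissions granted to whoever assumes the role: the same read-only
# statement the original document carried, attached as an inline policy.
resource "aws_iam_role_policy" "role" {
  name = "terraform-test-${var.env}-ec2-describe-for-${var.username}"
  role = aws_iam_role.role.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["ec2:Describe*"]
        Resource = "*"
      }
    ]
  })
}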
# main.tf
terraform {
  required_version = ">= 0.12.9"

  # State and runs are kept in Terraform Cloud rather than on the local disk.
  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "your-terraform-org-name-here"

    workspaces {
      # The Terraform Cloud workspace name is this prefix followed by the
      # local workspace name, so a workspace is created per name you select.
      # Pick one consistent naming scheme and stick to it (the original note
      # suggests something like "qa-initial-test-qa").
      prefix = "initial-test-"
    }
  }
}
# To trigger resource snippets, press ctrl+space and then type `tf-`. You'll see a ton of great snippets ready to go if you installed the Terraform snippets extension for Visual Studio Code.
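# Guard rail for the AWS provider: it refuses to plan or apply when the
# credentials in use belong to an account that is not in this list, so a wrong
# profile cannot deploy to the wrong place.
variable "allowed_aws_accounts" {
  # Explicit type, consistent with the other variables in this example. It
  # also makes a value supplied from the CLI or environment parse as a list
  # instead of being taken as a plain string.
  type        = list(string)
  description = "AWS account IDs the provider is allowed to operate in (only the qa account for now)."

  # Placeholder from the example. Replace it with the real account ID of the
  # qa account (AWS account IDs are 12 digits); the placeholder matches no
  # real account, so every run fails until it is changed.
  default = ["123456789"]
}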
# PROVIDER: AWS https://www.terraform.io/docs/providers/aws/index.html
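provider "aws" {
  version = "~> 2.7"

  # Region and named profile are chosen per environment. lookup() without a
  # default fails the plan when var.env has no entry in the map, instead of
  # silently falling back to some other account or region.
  region  = lookup(var.region, var.env)
  profile = lookup(var.profilemap, var.env)

  # Terraform does not expand cmd.exe-style %USERPROFILE% inside a string, so
  # the previous value was read as a literal path. pathexpand() resolves "~"
  # to the current user's home directory.
  # NOTE(review): on Windows that is normally the directory %USERPROFILE%
  # points to; confirm on the machines that run this.
  shared_credentials_file = pathexpand("~/.aws/credentials")

  # Static keys: acceptable for a throwaway local test only. Anything written
  # here ends up in version control with the rest of the configuration, so
  # prefer named profiles locally. In Terraform Cloud, set the credentials as
  # workspace environment variables (marked sensitive); the provider picks
  # them up when they use the documented names.
  #access_key = ""
  #secret_key = ""

  # Abort if the resolved credentials belong to an account outside this list.
  allowed_account_ids = var.allowed_aws_accounts
}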
# VARIABLES: https://www.terraform.io/docs/cloud/workspaces/variables.
# Don't use terraform.tfvars with Terraform Cloud; only a *.auto.tfvars file is OK for this.
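# Variable values for this workspace. This file is committed with the rest of
# the configuration, so keep secrets out of it and set them as sensitive
# workspace variables instead.
username = "IForgotToFollowDirections"

tags = {
  Createdby = "IForgotToFollowDirections"
  ManagedBy = "terraform"
  # The original entry had a key with no value, which does not parse.
  # Placeholder value: replace with the real project name.
  Project = "your-project-name-here"
}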
#variables.tf
# "env" deliberately has no default: a plan cannot run until the caller sets
# it, so the target environment is always chosen explicitly and never assumed.
variable "env" {
  description = "This will be what you use to identify qa, uat, prod etc. Since we want to support terraform cloud we can't depend on string interpolation with terraform.workspace"
  type        = string
}
# AWS region per environment, keyed by the value of var.env.
variable "region" {
  type = map(string)

  default = {
    qa = "us-east-1"
    # Deliberately not a real region: prod is not meant to be deployed yet.
    prod = "i-shouldnt-even-go-here-yet"
  }
}
# Named AWS CLI profile per environment, keyed by the value of var.env.
variable "profilemap" {
  type = map(string)

  default = {
    qa = "my-aws-named-profile-for-qa"
    # Deliberately not a real profile: prod is not meant to be deployed yet.
    prod = "i-shouldnt-even-go-here-yet"
  }
}
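# No default, so the caller must supply a value before a plan can run.
variable "username" {
  # Explicit type, consistent with the other variables in this example; the
  # value is interpolated into resource names, so it must be a plain string.
  type        = string
  description = "this is my user name and required"
}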
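# No default, so the caller must supply the tag map before a plan can run.
variable "tags" {
  # Explicit type, consistent with the other variables in this example; AWS
  # resource tags are string key/value pairs, so other shapes are rejected at
  # plan time rather than at apply time.
  type        = map(string)
  description = "tags to apply to resources so people are happy"
}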