2020-05-25 18:49:07 +02:00
|
|
|
resource "aws_iam_user" "nimbus_team" {
|
|
|
|
name = var.nimbus_team_members[count.index]
|
|
|
|
count = length(var.nimbus_team_members)
|
|
|
|
tags = { Purpose = "Nimbus team Console access" }
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "aws_iam_group" "nimbus_team" {
|
|
|
|
name = "nimbus-team-members"
|
|
|
|
path = "/users/"
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "aws_iam_access_key" "nimbus_team" {
|
2021-06-23 09:44:06 +02:00
|
|
|
user = aws_iam_user.nimbus_team[count.index].name
|
|
|
|
count = length(aws_iam_user.nimbus_team)
|
2020-05-25 18:49:07 +02:00
|
|
|
|
|
|
|
/* GPG key for encrypting the secret key */
|
|
|
|
pgp_key = file("files/${aws_iam_user.nimbus_team[count.index].name}.gpg")
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "aws_iam_user_login_profile" "nimbus_team" {
|
|
|
|
user = aws_iam_user.nimbus_team[count.index].name
|
|
|
|
count = length(var.nimbus_team_members)
|
|
|
|
|
|
|
|
/* GPG key for encrypting the secret key */
|
|
|
|
pgp_key = file("files/${aws_iam_user.nimbus_team[count.index].name}.gpg")
|
|
|
|
|
|
|
|
/* Make user change password after first login */
|
|
|
|
password_reset_required = true
|
|
|
|
|
|
|
|
/* Avoid re-creating due to password change */
|
|
|
|
lifecycle {
|
|
|
|
ignore_changes = [password_length, password_reset_required, pgp_key]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "aws_iam_group_membership" "nimbus_team" {
|
|
|
|
name = "nimbus-team-group-membership"
|
|
|
|
group = aws_iam_group.nimbus_team.name
|
|
|
|
users = aws_iam_user.nimbus_team.*.name
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "aws_iam_group_policy_attachment" "nimbus_team" {
|
|
|
|
group = aws_iam_group.nimbus_team.name
|
|
|
|
policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
|
|
|
|
}
|
|
|
|
|
|
|
|
/* These are encrypted using the GPG key, uncomment to get the password. */
|
|
|
|
/*
|
|
|
|
output "nimbus_team_passwords" {
|
|
|
|
value = {
|
|
|
|
for profile in aws_iam_user_login_profile.nimbus_team:
|
|
|
|
profile.user => profile.encrypted_password
|
|
|
|
}
|
|
|
|
}
|
|
|
|
*/
|