AWS IAM Resources in Terraform
1. IAM User
Resource Block:
resource "aws_iam_user" "example" {
  name = "example-user"

  tags = {
    Name = "example-user"
  }
}
Notes:
name: specifies the IAM user name.
2. IAM Group
Resource Block:
resource "aws_iam_group" "example" {
  name = "example-group"
  # IAM groups cannot be tagged, so aws_iam_group has no tags argument.
}
Notes:
name: specifies the IAM group name.
3. IAM Role
Resource Block:
resource "aws_iam_role" "example" {
  name = "example-role"

  # Trust policy: only the EC2 service may call sts:AssumeRole on this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action = "sts:AssumeRole",
        Effect = "Allow",
        Principal = {
          Service = "ec2.amazonaws.com",
        },
      },
    ],
  })

  tags = {
    Name = "example-role"
  }
}
Notes:
assume_role_policy: defines the trust policy, i.e. which principals are allowed to assume the role.
4. IAM Policy
Resource Block:
resource "aws_iam_policy" "example" {
  name        = "example-policy"
  description = "A test policy"

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect   = "Allow",
        Action   = "s3:*",
        Resource = "*",
      },
    ],
  })

  tags = {
    Name = "example-policy"
  }
}
Notes:
policy: specifies the policy document in JSON format. This example grants every S3 action (s3:*) on every resource (*); scope Action and Resource down to what the workload actually needs before using it outside a test.
description: an optional field for a brief description of the policy.
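The following block is an added example, not part of the original guide: it shows the least-privilege counterpart of the policy above, written with the aws_iam_policy_document data source so Terraform validates the document structure. The bucket name example-app-bucket, the uploads/ prefix and the resource names are assumptions.

```hcl
# Added example (not from the original guide). Bucket, prefix and names are placeholders.
data "aws_iam_policy_document" "scoped_s3" {
  # s3:ListBucket is a bucket-level action, so its resource is the bucket ARN itself.
  statement {
    sid       = "ListOnlyThisBucket"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-app-bucket"]

    # Further restrict listing to one key prefix.
    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["uploads/", "uploads/*"]
    }
  }

  # Object-level actions target objects, so the ARN carries the /prefix/* suffix.
  statement {
    sid       = "ReadWriteUploadsPrefix"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::example-app-bucket/uploads/*"]
  }
}

resource "aws_iam_policy" "scoped" {
  name        = "example-scoped-policy"
  description = "Read/write access limited to one prefix of one bucket"
  policy      = data.aws_iam_policy_document.scoped_s3.json

  tags = {
    Name = "example-scoped-policy"
  }
}
```

The two statements are split because bucket-level and object-level actions need different resource ARNs; putting both actions on a single `*` resource is what makes the guide's test policy so broad. `terraform plan` renders the generated JSON, so the resulting document can be reviewed before it is created.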
5. IAM User Policy
Resource Block:
resource "aws_iam_user_policy" "example" {
  name = "example-user-policy"
  user = aws_iam_user.example.name

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect   = "Allow",
        Action   = "s3:*",
        Resource = "*",
      },
    ],
  })
}
Notes:
user: specifies the IAM user to attach the inline policy to.
6. IAM Group Policy
Resource Block:
resource "aws_iam_group_policy" "example" {
  name  = "example-group-policy"
  group = aws_iam_group.example.name

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect   = "Allow",
        Action   = "ec2:DescribeInstances",
        Resource = "*",
      },
    ],
  })
}
Notes:
group: specifies the IAM group to attach the inline policy to.
7. IAM Role Policy
Resource Block:
resource "aws_iam_role_policy" "example" {
  name = "example-role-policy"
  role = aws_iam_role.example.name

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect   = "Allow",
        Action   = "s3:*",
        Resource = "*",
      },
    ],
  })
}
Notes:
role: specifies the IAM role to attach the inline policy to.
8. IAM Role Policy Attachment
Resource Block:
resource "aws_iam_role_policy_attachment" "example" {
  policy_arn = aws_iam_policy.example.arn
  role       = aws_iam_role.example.name
}
Notes:
policy_arn: specifies the ARN of the managed IAM policy.
role: specifies the IAM role to attach the policy to.
9. IAM User Group Membership
Resource Block:
resource "aws_iam_user_group_membership" "example" {
  user = aws_iam_user.example.name
  # The argument is groups (a list), not group: one resource manages all of
  # the user's group memberships.
  groups = [aws_iam_group.example.name]
}
Notes:
user: specifies the IAM user to add to the groups.
groups: the list of IAM groups to add the user to.
10. IAM Access Key
Resource Block:
resource "aws_iam_access_key" "example" {
  user = aws_iam_user.example.name
  # aws_iam_access_key has no tags argument; tag the user instead.
}
Notes:
user: specifies the IAM user to create an access key for. The generated secret is written to Terraform state in plain text; protect the state backend, or set pgp_key so that only the encrypted_secret attribute is recorded.
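The following block is an added example that is not part of the original guide. It wires the resources above together in the way they are usually combined in practice: the managed policy is attached to the group rather than to individual users, the EC2 role is made usable by instances through an instance profile, and a second role shows a trust policy scoped to a single external principal with an external ID instead of a bare service principal. It assumes the guide's aws_iam_user.example, aws_iam_group.example, aws_iam_policy.example and aws_iam_role.example blocks exist in the same configuration; the account ID 111111111111, the role name deploy-role, the external ID and the new resource names are placeholders.

```hcl
# Added example (not from the original guide); account ID, names and IDs are placeholders.

# Attach the managed policy to the group, so per-user access is controlled purely
# by group membership rather than by policies attached to each user.
resource "aws_iam_group_policy_attachment" "example" {
  group      = aws_iam_group.example.name
  policy_arn = aws_iam_policy.example.arn
}

# The EC2 role from section 3 is only reachable by instances via an instance profile.
resource "aws_iam_instance_profile" "example" {
  name = "example-instance-profile"
  role = aws_iam_role.example.name
}

# Trust policy for a role assumed from another account: restrict the principal to
# one specific role ARN and require the agreed external ID on every AssumeRole call.
data "aws_iam_policy_document" "cross_account_trust" {
  statement {
    sid     = "AllowSpecificExternalRole"
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111111111111:role/deploy-role"] # placeholder
    }

    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = ["example-external-id"] # placeholder
    }
  }
}

resource "aws_iam_role" "cross_account" {
  name               = "example-cross-account-role"
  assume_role_policy = data.aws_iam_policy_document.cross_account_trust.json

  tags = {
    Name = "example-cross-account-role"
  }
}

# Reuse the guide's managed policy for the cross-account role as well.
resource "aws_iam_role_policy_attachment" "cross_account" {
  role       = aws_iam_role.cross_account.name
  policy_arn = aws_iam_policy.example.arn
}
```

A trust policy whose principal is an entire account (arn:aws:iam::111111111111:root) lets any principal in that account with sts:AssumeRole permission use the role, so naming the exact role ARN, as above, keeps the blast radius to one caller.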
Summary
This guide provides basic to intermediate Terraform configurations for managing AWS IAM resources. Use these resource blocks as a foundation for building more complex IAM setups and customize them according to your specific requirements. 🚀