DEV Community

Oladipupo Abeeb Olanrewaju

Mastering AWS_IAM

# Mastering Identity and Access Management (IAM): Creating Users, Groups, Roles, and Policies

```hcl
resource "aws_iam_user" "Example" {
  name = "Tester"
  path = "/"
}

# Long-lived programmatic credentials for the user. The secret access key is
# written to Terraform state in plaintext, so the state backend must be
# protected; prefer temporary credentials from an assumed role where possible.
resource "aws_iam_access_key" "Key" {
  user = aws_iam_user.Example.name
}

# Console access. Without a pgp_key the generated password is also stored in
# state in plaintext; password_reset_required forces a change at first sign-in.
resource "aws_iam_user_login_profile" "Profile" {
  user                    = aws_iam_user.Example.name
  password_length         = 15
  password_reset_required = true
}

resource "aws_iam_role" "TestRole" {
  name = "Testing"
  path = "/"

  # Trust policy: only the EC2 service principal may assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = "sts:AssumeRole"
      Sid    = "AssumeRole"

      Principal = {
        Service = "ec2.amazonaws.com"
      }
    }]
  })
}

resource "aws_iam_group" "Group" {
  name = "DevGroup"
}

# Authoritative membership list: any member of DevGroup not listed in
# users is removed on the next apply.
resource "aws_iam_group_membership" "Member" {
  name  = "Devs"
  users = [aws_iam_user.Example.name]
  group = aws_iam_group.Group.name
}

# Read-only EC2 permissions. Most ec2:Describe* actions do not support
# resource-level permissions, so Resource has to be "*" here.
resource "aws_iam_policy" "Policy" {
  name = "TestPolicy"
  path = "/"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["ec2:Describe*"]
      Resource = "*"
    }]
  })
}

# aws_iam_policy_attachment is exclusive: it detaches this policy from every
# user, role or group in the account that is not listed here, including
# attachments made outside Terraform. Attaching to the user directly is also
# redundant, because the user already inherits the policy through DevGroup.
resource "aws_iam_policy_attachment" "Attach" {
  name       = "test-attach"
  users      = [aws_iam_user.Example.name]
  roles      = [aws_iam_role.TestRole.name]
  groups     = [aws_iam_group.Group.name]
  policy_arn = aws_iam_policy.Policy.arn
}
```

This code is written in HashiCorp Configuration Language (HCL) and is using Terraform, an infrastructure as code tool, to manage Identity and Access Management (IAM) resources in Amazon Web Services (AWS). Let's break down the code and understand what each section does:

  1. aws_iam_user: This resource creates an IAM user named "Tester" with the path "/". The user resource is used to create and manage IAM users in AWS.

  2. aws_iam_access_key: This resource creates an access key (an access key ID and a secret) for the user defined above. Access keys are long-lived credentials for programmatic access to AWS APIs. The secret is written to Terraform state in plaintext, so the state backend must be access-controlled and encrypted, and temporary credentials obtained by assuming a role are preferable wherever the workload allows it.

  3. aws_iam_user_login_profile: This resource creates a console login profile for the user. It generates a 15-character password and requires the user to change it at first sign-in. Because no pgp_key is supplied, the generated password is also stored in state in plaintext.

  4. aws_iam_role: This resource creates an IAM role named "Testing" with the path "/". A role carries permissions that are granted to whoever assumes it (an AWS service, a user in this or another account, or a federated identity) as temporary STS credentials, instead of binding them to a single long-lived identity.

  • assume_role_policy: This block is the trust policy, which defines who may assume the role. Here only the Amazon EC2 service ("ec2.amazonaws.com") is trusted, so no user or external account can assume it. An EC2 instance uses a role through an instance profile (aws_iam_instance_profile), which this configuration does not create, so the role cannot yet be attached to an instance.

  5. aws_iam_group: This resource creates an IAM group named "DevGroup". Groups collect IAM users so that policies can be attached once to the group instead of to each user.

  6. aws_iam_group_membership: This resource adds the user to "DevGroup", referenced by name. The users list is authoritative: any member of the group who is not listed is removed on the next apply. aws_iam_user_group_membership is the non-exclusive alternative.

  7. aws_iam_policy: This resource creates a customer-managed policy named "TestPolicy" with the path "/". It allows the "ec2:Describe*" actions on all resources. Describe* actions are read-only, and most EC2 Describe actions do not support resource-level permissions, so "*" is the only valid Resource here; any write actions added later should be scoped to specific ARNs or condition keys.

  8. aws_iam_policy_attachment: This resource attaches the policy to the user, the role and the group defined earlier. Two caveats apply. First, the resource is exclusive: it detaches the policy from every entity in the account that is not listed, including attachments made outside Terraform, so the per-entity resources aws_iam_user_policy_attachment, aws_iam_role_policy_attachment and aws_iam_group_policy_attachment are usually the safer choice. Second, attaching the policy to the user directly is redundant, because the user already inherits it through DevGroup.

  • users: The IAM users to attach the policy to.
  • roles: The IAM roles to attach the policy to.
  • groups: The IAM groups to attach the policy to.
  • policy_arn: The ARN (Amazon Resource Name) of the IAM policy to attach.

These resources and their configurations work together to create IAM users, groups, roles, and policies in AWS, and define the relationships between them.
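The following is an added example and not code from the original post. It wires the same user, group, role and policy together with non-exclusive attachments, adds the instance profile that EC2 needs in order to use the role, and encrypts the console password and access-key secret to a PGP key so that state holds only ciphertext. It assumes the aws_iam_user.Example, aws_iam_group.Group, aws_iam_role.TestRole and aws_iam_policy.Policy resources from the configuration above and replaces its Key, Profile, Member and Attach resources (keeping both would make the two attachment styles fight over the same policy). The variable name pgp_public_key is an assumption.

```hcl
# Added example, not from the original post. Assumes aws_iam_user.Example,
# aws_iam_group.Group, aws_iam_role.TestRole and aws_iam_policy.Policy exist
# in the same configuration; replaces the Key, Profile, Member and Attach
# resources shown earlier. The variable name is an assumption.

# Base64-encoded (binary, not ASCII-armored) PGP public key of the person
# allowed to read the generated secrets.
variable "pgp_public_key" {
  type        = string
  description = "Base64-encoded PGP public key used to encrypt generated secrets"
}

# Per-entity attachments: each manages exactly one (policy, entity) pair and
# never touches attachments it does not declare, unlike aws_iam_policy_attachment.
resource "aws_iam_group_policy_attachment" "DevGroupReadOnly" {
  group      = aws_iam_group.Group.name
  policy_arn = aws_iam_policy.Policy.arn
}

resource "aws_iam_role_policy_attachment" "TestRoleReadOnly" {
  role       = aws_iam_role.TestRole.name
  policy_arn = aws_iam_policy.Policy.arn
}

# No aws_iam_user_policy_attachment: the user receives the policy through DevGroup.

# Non-exclusive membership: other members of DevGroup are left untouched.
resource "aws_iam_user_group_membership" "ExampleDevs" {
  user   = aws_iam_user.Example.name
  groups = [aws_iam_group.Group.name]
}

# EC2 instances attach a role through an instance profile, not directly.
resource "aws_iam_instance_profile" "TestProfile" {
  name = "Testing"
  role = aws_iam_role.TestRole.name
}

# With pgp_key set, the provider exposes encrypted_secret / encrypted_password
# instead of the plaintext values, so only ciphertext reaches the state file.
resource "aws_iam_access_key" "Key" {
  user    = aws_iam_user.Example.name
  pgp_key = var.pgp_public_key
}

resource "aws_iam_user_login_profile" "Profile" {
  user                    = aws_iam_user.Example.name
  pgp_key                 = var.pgp_public_key
  password_length         = 15
  password_reset_required = true
}

output "access_key_id" {
  value = aws_iam_access_key.Key.id
}

# Decrypt with:
#   terraform output -raw encrypted_secret | base64 --decode | gpg --decrypt
output "encrypted_secret" {
  value = aws_iam_access_key.Key.encrypted_secret
}

output "encrypted_password" {
  value = aws_iam_user_login_profile.Profile.encrypted_password
}
```

Because every attachment is its own resource, terraform plan shows exactly which entity gains or loses the policy, and removing the user from the group is a one-line change that does not disturb the role's attachment or any attachment of the same policy made elsewhere in the account.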
