
How to create an iam-user module in Terraform that covers 3 iam-user scenarios

Stack Overflow user
Asked on 2022-03-31 07:50:11
1 answer, 423 views, 0 followers, 0 votes

Could you help me with how to create an iam-user module in Terraform that covers 3 iam-user scenarios?

PS: I don't want to create nested directories under modules/iam/iam/ to keep each iam-user case separate.

Here are the scenarios:

```hcl
// data.aws_iam_policy.permission_boundary and aws_iam_policy.s3_iam_policy are
// defined elsewhere in the module (not shown).

// Type 1: a single named user with the S3 policy attached
resource "aws_iam_user" "aws_iam_user_000" {
  name                 = "user-000"
  permissions_boundary = data.aws_iam_policy.permission_boundary.arn
}

resource "aws_iam_user_policy_attachment" "aws_iam_user_000" {
  policy_arn = aws_iam_policy.s3_iam_policy.arn
  user       = aws_iam_user.aws_iam_user_000.name
}

// Type 2: one user per entry in var.user_lists, all members of one group

resource "aws_iam_user" "aws_iam_user_001" {
  path                 = "/"
  for_each             = toset(var.user_lists)
  name                 = each.value
  force_destroy        = true
  permissions_boundary = data.aws_iam_policy.permission_boundary.arn
}

resource "aws_iam_group" "aws_iam_group_001" {
  name = "group-0001"
}
resource "aws_iam_user_group_membership" "group-membership" {
  for_each = toset(var.user_lists)
  user     = aws_iam_user.aws_iam_user_001[each.value].name
  groups   = [aws_iam_group.aws_iam_group_001.name]
}

// Type 3: a single admin user, tagged, with no policy attached in the module

resource "aws_iam_user" "aws_iam_user_0002" {
  name                 = "user-002"
  tags                 = { "user_type" = "admin_account" }
  permissions_boundary = data.aws_iam_policy.permission_boundary.arn
}
```

1 Answer

Stack Overflow user

Posted on 2022-03-31 08:02:43

If I understand you correctly, you should be able to accomplish this with count/for_each, as shown below.

variables.tf

```hcl
variable "is_admin" {
  type        = bool
  default     = false
  description = "When true, the single user is the Type 3 admin account; otherwise it is the Type 1 user."
}

variable "user_lists" {
  type        = list(string)
  default     = null
  description = "When set, the module creates the Type 2 users and group instead of a single user."
}
```

main.tf

```hcl
// Type 1 and Type 3: one named user. The admin flag selects the name, the tag
// and whether the S3 policy gets attached.
resource "aws_iam_user" "this" {
  count = var.user_lists == null ? 1 : 0

  // user-000 is the Type 1 user, user-002 the Type 3 admin account
  name                 = var.is_admin ? "user-002" : "user-000"
  permissions_boundary = data.aws_iam_policy.permission_boundary.arn
  tags                 = var.is_admin ? { "user_type" = "admin_account" } : null
}

// Only the Type 1 user gets the S3 policy; the admin account does not.
resource "aws_iam_user_policy_attachment" "this" {
  count = var.user_lists == null && !var.is_admin ? 1 : 0

  policy_arn = aws_iam_policy.s3_iam_policy.arn
  user       = aws_iam_user.this[0].name
}

// Type 2: one user per list entry. The null check is done inside toset() so
// both branches of the conditional have the same type.
resource "aws_iam_user" "from_list" {
  for_each = toset(var.user_lists == null ? [] : var.user_lists)

  path                 = "/"
  name                 = each.value
  force_destroy        = true
  permissions_boundary = data.aws_iam_policy.permission_boundary.arn
}

// The group only exists in the list case.
resource "aws_iam_group" "from_list" {
  count = var.user_lists != null ? 1 : 0

  name = "group-0001"
}

resource "aws_iam_user_group_membership" "this" {
  for_each = toset(var.user_lists == null ? [] : var.user_lists)

  user   = aws_iam_user.from_list[each.value].name
  groups = [aws_iam_group.from_list[0].name]
}
```
1 vote
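A variant of the answer's approach, as an added example that is not part of the original question or answer: instead of inferring the mode from whether `user_lists` is null, the module takes an explicit `user_type` variable with validation, keeps the permissions boundary on every user in every mode, and uses preconditions (Terraform 1.2 or later) to reject a call that sets the wrong inputs for the chosen mode. `data.aws_iam_policy.permission_boundary` and `aws_iam_policy.s3_iam_policy` are assumed to be defined elsewhere in the module, as in the question; the module path `./modules/iam` and the user names in the root-module calls are hypothetical.

```hcl
# modules/iam/variables.tf (added example; not the original post's code)
variable "user_type" {
  type        = string
  description = "Which user shape to create: \"single\" (Type 1), \"group\" (Type 2) or \"admin\" (Type 3)."

  validation {
    condition     = contains(["single", "group", "admin"], var.user_type)
    error_message = "user_type must be one of: single, group, admin."
  }
}

variable "user_name" {
  type        = string
  default     = null
  description = "Name of the user for the single and admin cases."
}

variable "user_lists" {
  type        = list(string)
  default     = []
  description = "Names of the users for the group case."
}

# modules/iam/main.tf
locals {
  # Empty unless we are in the group case, so for_each creates nothing otherwise.
  group_users = toset(var.user_type == "group" ? var.user_lists : [])
}

# Type 1 and Type 3: one named user. The mode only changes the tag and whether
# the S3 policy is attached; the permissions boundary is always set.
resource "aws_iam_user" "single" {
  count = var.user_type == "group" ? 0 : 1

  name                 = var.user_name
  permissions_boundary = data.aws_iam_policy.permission_boundary.arn # assumed to exist
  tags                 = var.user_type == "admin" ? { "user_type" = "admin_account" } : null

  lifecycle {
    precondition {
      condition     = var.user_name != null
      error_message = "user_name is required when user_type is single or admin."
    }
  }
}

# Only the Type 1 user gets the S3 policy; the admin account gets no extra policy here.
resource "aws_iam_user_policy_attachment" "s3" {
  count = var.user_type == "single" ? 1 : 0

  policy_arn = aws_iam_policy.s3_iam_policy.arn # assumed to exist
  user       = aws_iam_user.single[0].name
}

# Type 2: one user per list entry, all placed in a single group.
resource "aws_iam_user" "from_list" {
  for_each = local.group_users

  path                 = "/"
  name                 = each.value
  force_destroy        = true
  permissions_boundary = data.aws_iam_policy.permission_boundary.arn
}

resource "aws_iam_group" "from_list" {
  count = var.user_type == "group" ? 1 : 0
  name  = "group-0001"

  lifecycle {
    precondition {
      condition     = length(var.user_lists) > 0
      error_message = "user_lists must not be empty when user_type is group."
    }
  }
}

resource "aws_iam_user_group_membership" "from_list" {
  for_each = local.group_users

  user   = aws_iam_user.from_list[each.value].name
  groups = [aws_iam_group.from_list[0].name]
}

# Root module: the three scenarios from the question as three calls (hypothetical path and names).
module "s3_user" {
  source    = "./modules/iam"
  user_type = "single"
  user_name = "user-000"
}
module "team" {
  source     = "./modules/iam"
  user_type  = "group"
  user_lists = ["alice", "bob"]
}
module "admin" {
  source    = "./modules/iam"
  user_type = "admin"
  user_name = "user-002"
}
```

Two points worth checking on any module shaped like this. First, the `group` case carries `force_destroy = true`, which the AWS provider documents as deleting the user even when it still has access keys, a login profile or MFA devices that Terraform does not manage; removing a name from `user_lists` therefore revokes that person's credentials on the next apply, so review plans for `aws_iam_user.from_list[...]` destroys before approving. Second, the admin account is distinguished only by a tag and gets no policy from this module; whatever grants it admin rights lives outside the module and should still be subject to the same permissions boundary, which is why the boundary argument is unconditional in every resource above.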
Original page content provided by Stack Overflow. Translation support provided by Tencent Cloud Xiaowei's IT-domain engine.
Original link:

https://stackoverflow.com/questions/71688812
