Configures IAM users, groups and roles in three groups: Admin, Basic, and Alumni
- Alumni: Administrator access
- Basic: Change Password and Manage Self Identity
- Alumni: Deny All access
Users of this module should ensure that each set of users is an exclusive group.
module "user_management" {
source = "dod-iac/user-management/aws"
admin_users = {
"Admin User" = {
Name = "Admin User"
Email = "adminuser@example.com"
}
}
basic_users = {
"Basic User" = {
Name = "Basic User"
Email = "basicuser@example.com"
}
}
alumni_users = {
"Alumni User" = {
Name = "Alumni User"
Email = "alumniuser@example.com"
}
}
}Terraform 0.13. Pin module version to ~> 1.0.0 . Submit pull-requests to master branch.
Terraform 0.11 and 0.12 are not supported.
This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.
| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | ~> 3.0 |
| Name | Version |
|---|---|
| aws | ~> 3.0 |
No modules.
| Name | Type |
|---|---|
| aws_iam_group.admin | resource |
| aws_iam_group.alumni | resource |
| aws_iam_group.basic | resource |
| aws_iam_group_policy_attachment.admin_administrator | resource |
| aws_iam_group_policy_attachment.alumni_deny_all | resource |
| aws_iam_group_policy_attachment.basic_change_passwd | resource |
| aws_iam_policy.deny_all | resource |
| aws_iam_role.admin | resource |
| aws_iam_role_policy_attachment.admin_administrator | resource |
| aws_iam_user.user | resource |
| aws_iam_user_group_membership.user | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.assume_role_policy | data source |
| aws_iam_policy_document.deny_all | data source |
| aws_partition.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| admin_group_name | Name of the Admin Group | string |
"admin" |
no |
| admin_users | Set of Admin IAM Users with tags. | map |
{} |
no |
| alumni_group_name | Name of the Alumni Group | string |
"alumni" |
no |
| alumni_users | Set of Alumni IAM Users with tags. | map |
{} |
no |
| basic_group_name | Name of the Basic Group | string |
"basic" |
no |
| basic_users | Set of Basic IAM Users with tags. | map |
{} |
no |
| tags | Tags for resources | map |
{} |
no |
| Name | Description |
|---|---|
| admin_group | Admin Group |
| admin_role | Admin Role |
| alumni_group | Alumni Group |
| basic_group | Basic Group |
| users | Users |