#
# Admin
#
# IAM group for account administrators. Its only attribute is the name,
# taken from var.admin_group_name (declared elsewhere in the module).
# NOTE(review): membership here is effectively full-account admin once the
# AdministratorAccess attachment below is applied — keep membership minimal
# and audit it; consider an MFA-conditioned policy if the module's callers
# allow console/CLI use without MFA (not visible from this file).
resource "aws_iam_group" "admin" {
  name = var.admin_group_name # group name is caller-supplied
}
# Attach the AWS-managed AdministratorAccess policy to the admin group.
# The ARN is built with string interpolation instead of format() so that the
# partition (aws / aws-us-gov / aws-cn) comes from data.aws_partition.current,
# which is presumably declared in a sibling file — confirm.
resource "aws_iam_group_policy_attachment" "admin_administrator" {
  group      = aws_iam_group.admin.name
  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AdministratorAccess"
}
#
# Basic
#
# IAM group for ordinary users. Name comes from var.basic_group_name.
# NOTE(review): only IAMUserChangePassword is attached in this file; if
# members are expected to manage their own MFA devices or access keys, that
# policy must come from elsewhere in the module — confirm against callers.
resource "aws_iam_group" "basic" {
  name = var.basic_group_name # group name is caller-supplied
}
# Attach the AWS-managed IAMUserChangePassword policy to the basic group,
# using the current partition so the ARN resolves in GovCloud/China as well.
# Written with interpolation rather than format() to match the admin block.
resource "aws_iam_group_policy_attachment" "basic_change_passwd" {
  group      = aws_iam_group.basic.name
  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/IAMUserChangePassword"
}
#
# Alumni
#
# IAM group for departed users. Name comes from var.alumni_group_name.
# NOTE(review): because the deny_all policy attached below is an explicit
# Deny, a user placed in this group is locked out even if they are still a
# member of admin or basic (explicit Deny wins over any Allow). Moving a
# user here does not revoke active access keys or sessions by itself — those
# still need to be deactivated/deleted separately.
resource "aws_iam_group" "alumni" {
  name = var.alumni_group_name # group name is caller-supplied
}
# Attach the module's customer-managed deny-all policy to the alumni group.
# aws_iam_policy.deny_all is defined in another file of this module (not
# visible here); its ARN is used directly rather than built from the partition.
resource "aws_iam_group_policy_attachment" "alumni_deny_all" {
  policy_arn = aws_iam_policy.deny_all.arn
  group      = aws_iam_group.alumni.name
}