aws-terraform-iam_resources/modules/user_group/main.tf at master · rackspace-infrastructure-automation/aws-terraform-iam_resources · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
/*
* # aws-terraform-iam_resources/modules/user_group
*
* This submodule creates an IAM User Group
*
* ## Basic Usage
*
* ```
* module "user_4" {
*   source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-iam_resources//modules/user_group?ref=v0.0.1"
*
*   user_names = ["testuser4a"]
* }
* ```
*
* Full working references are available at [examples](examples)
*/

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_iam_user" "user" {
  count = length(var.user_names)

  name = element(var.user_names, count.index)
  path = "/"
}

resource "aws_iam_group_membership" "team" {
  count = var.group_name == "" ? 0 : 1

  group = element(concat(aws_iam_group.group.*.name, [""]), 0)
  name  = "${var.group_name}-group-membership"
  users = concat(aws_iam_user.user.*.name, var.existing_user_names)
}

resource "aws_iam_group" "group" {
  count = var.group_name == "" ? 0 : 1

  name = var.group_name
  path = "/"
}

resource "aws_iam_group_policy_attachment" "policy" {
  count = var.group_name == "" ? 0 : var.policy_arns_count

  group      = element(concat(aws_iam_group.group.*.name, [""]), 0)
  policy_arn = element(var.policy_arns, count.index)
}