
Commit 9a8d5cb

enverbryantbiggs
andauthored
fix: Update self manage policy to support users with path (#335)
Co-authored-by: Bryant Biggs <[email protected]>
1 parent ae093dd commit 9a8d5cb

2 files changed

+25
-7
lines changed

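--- a/examples/iam-group-with-policies/main.tf
+++ b/examples/iam-group-with-policies/main.tf
@@ -14,6 +14,7 @@ module "iam_user2" {
 source = "../../modules/iam-user"
 
 name = "user2"
+path = "/developers/"
 
 create_iam_user_login_profile = false
 create_iam_access_key = false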
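--- a/modules/iam-group-with-policies/policies.tf
+++ b/modules/iam-group-with-policies/policies.tf
@@ -35,7 +35,10 @@ data "aws_iam_policy_document" "iam_self_management" {
 "iam:GetUser"
 ]
 
-resources = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}"]
+resources = [
+"arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}",
+"arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"
+]
 }
 
 statement {
@@ -50,7 +53,10 @@ data "aws_iam_policy_document" "iam_self_management" {
 "iam:UpdateAccessKey"
 ]
 
-resources = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}"]
+resources = [
+"arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}",
+"arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"
+]
 }
 
 statement {
@@ -65,7 +71,10 @@ data "aws_iam_policy_document" "iam_self_management" {
 "iam:UploadSigningCertificate"
 ]
 
-resources = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}"]
+resources = [
+"arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}",
+"arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"
+]
 }
 
 statement {
@@ -81,7 +90,10 @@ data "aws_iam_policy_document" "iam_self_management" {
 "iam:UploadSSHPublicKey"
 ]
 
-resources = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}"]
+resources = [
+"arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}",
+"arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"
+]
 }
 
 statement {
@@ -97,7 +109,10 @@ data "aws_iam_policy_document" "iam_self_management" {
 "iam:UpdateServiceSpecificCredential"
 ]
 
-resources = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}"]
+resources = [
+"arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}",
+"arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"
+]
 }
 
 statement {
@@ -124,8 +139,10 @@ data "aws_iam_policy_document" "iam_self_management" {
 "iam:ResyncMFADevice"
 ]
 
-resources = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}"]
-
+resources = [
+"arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}",
+"arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"
+]
 }
 
 statement {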
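Review bot: The identical two-element `resources` list is now copied into six statements (the hunks at old lines 38, 53, 68, 84, 100 and 127), so any later adjustment to how path-qualified users are matched has to be made six times and can drift between statements. Declaring it once, e.g. `self_user_arns = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}", "arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"]` in `locals`, and writing `resources = local.self_user_arns` in each statement would keep the self-management scope defined in one place. The wildcard entry also deserves a one-line comment explaining why it does not widen the grant, something like `# aws:username carries only the friendly name; user/*/ covers users created under a path, and user names are unique per account, so both ARNs still resolve to the caller only`. The `iam_self_management` data block starts before the first hunk and continues past the last one.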
