Terraform - dsk-devops 사용자 권한 수정

2024-01-31 14:03:31 +09:00
parent d0589a0de6
commit 1f75f3e907
1 changed files with 3 additions and 29 deletions
--- a/terraform/iam/users/variables.tf
+++ b/terraform/iam/users/variables.tf
@@ -16,8 +16,9 @@ variable "iam_users" {
    dsk-devops = {
      policies = [
        "arn:aws:iam::508259851457:policy/DSK_LambdaExecute",
-        "arn:aws:iam::aws:policy/AmazonS3FullAccess",
+        "arn:aws:iam::508259851457:policy/DSK_KeyManagementService",
        "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
+        "arn:aws:iam::aws:policy/AmazonS3FullAccess",
        "arn:aws:iam::aws:policy/SecurityAudit",
        "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess",
        "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess"
@@ -40,30 +41,3 @@ variable "iam_users" {
    }
  }
 }
-
-# variable "iam_users" {
-#   type = map(object({
-#     policies = list(string)
-#   }))
-#   default = {
-#     dsk-devops = {
-#       policies = [
-#         "arn:aws:iam::aws:policy/AmazonS3FullAccess",
-#         "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"
-#       ]
-#     },
-#     dsk-developer = {
-#       policies = ["arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"]
-#     },
-#     dsk-readonly = {
-#       policies = [
-#         "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"
-#       ]
-#     },
-#     dsk-s3-uploader = {
-#       policies = [
-#         "arn:aws:iam::aws:policy/AmazonS3FullAccess"
-#       ]
-#     }
-#   }
-# }