Terraform - IAM - 기본 구성

terraform/iam/users/.terraform.lock.hcl

@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "5.34.0"
+  constraints = "~> 5.0"
+  hashes = [
+    "h1:Tbq6dKE+XyXmkup6+7eQj2vH+eCJipk8R3VXhebVYi4=",
+    "zh:01bb20ae12b8c66f0cacec4f417a5d6741f018009f3a66077008e67cce127aa4",
+    "zh:3b0c9bdbbf846beef2c9573fc27898ceb71b69cf9d2f4b1dd2d0c2b539eab114",
+    "zh:5226ecb9c21c2f6fbf1d662ac82459ffcd4ad058a9ea9c6200750a21a80ca009",
+    "zh:6021b905d9b3cd3d7892eb04d405c6fa20112718de1d6ef7b9f1db0b0c97721a",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:9e61b8e0ccf923979cd2dc1f1140dbcb02f92248578e10c1996f560b6306317c",
+    "zh:ad6bf62cdcf531f2f92f6416822918b7ba2af298e4a0065c6baf44991fda982d",
+    "zh:b698b041ef38837753bbe5265dddbc70b76e8b8b34c5c10876e6aab0eb5eaf63",
+    "zh:bb799843c534f6a3f072a99d93a3b53ff97c58a96742be15518adf8127706784",
+    "zh:cebee0d942c37cd3b21e9050457cceb26d0a6ea886b855dab64bb67d78f863d1",
+    "zh:e061fdd1cb99e7c81fb4485b41ae000c6792d38f73f9f50aed0d3d5c2ce6dcfb",
+    "zh:eeb4943f82734946362696928336357cd1d36164907ae5905da0316a67e275e1",
+    "zh:ef09b6ad475efa9300327a30cbbe4373d817261c8e41e5b7391750b16ef4547d",
+    "zh:f01aab3881cd90b3f56da7c2a75f83da37fd03cc615fc5600a44056a7e0f9af7",
+    "zh:fcd0f724ebc4b56a499eb6c0fc602de609af18a0d578befa2f7a8df155c55550",
+  ]
+}

terraform/iam/users/main.tf

@@ -0,0 +1,9 @@
+provider "aws" {
+  region = var.aws_region
+}
+
+module "users" {
+  source    = "./modules"
+  aws_region = var.aws_region
+  iam_users  = var.iam_users
+}

terraform/iam/users/modules/users.tf

@@ -0,0 +1,28 @@
+variable "aws_region" {}
+variable "iam_users" {}
+
+# provider "aws" {
+#   region = var.aws_region
+# }
+
+locals {
+  user_policies = flatten([for name, policies in var.iam_users : [for policy in policies.policies : { user = name, policy = policy }]])
+  users = toset([for user in local.user_policies : user.user])
+}
+
+resource "aws_iam_user" "iam_user" {
+  for_each = local.users
+
+  name = each.key
+}
+
+resource "aws_iam_user_policy_attachment" "policy_attachment" {
+  count = length(local.user_policies)
+
+  user       = aws_iam_user.iam_user[local.user_policies[count.index].user].name
+  policy_arn = local.user_policies[count.index].policy
+}
+
+# output "users_result" {
+#   value = local.user_policies
+# }

terraform/iam/users/outputs.tf

@@ -0,0 +1,3 @@
+# output "users_result" {
+#   value = module.users.users_result
+# }

terraform/iam/users/variables.tf

@@ -0,0 +1,44 @@
+variable "aws_region" {
+  default     = "ap-northeast-2"
+}
+
+variable "iam_users" {
+  type = map(object({
+    policies = list(string)
+  }))
+  default = {
+    dsk-devops = {
+      policies = [
+        "arn:aws:iam::aws:policy/AmazonS3FullAccess",
+        "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
+      ]
+    }
+  }
+}
+
+# variable "iam_users" {
+#   type = map(object({
+#     policies = list(string)
+#   }))
+#   default = {
+#     dsk-devops = {
+#       policies = [
+#         "arn:aws:iam::aws:policy/AmazonS3FullAccess",
+#         "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"
+#       ]
+#     },
+#     dsk-developer = {
+#       policies = ["arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"]
+#     },
+#     dsk-readonly = {
+#       policies = [
+#         "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"
+#       ]
+#     },
+#     dsk-s3-uploader = {
+#       policies = [
+#         "arn:aws:iam::aws:policy/AmazonS3FullAccess"
+#       ]
+#     }
+#   }
+# }

terraform/iam/users/version.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}