update

terraform/aws_iam/.terraform.lock.hcl

@@ -0,0 +1,44 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/archive" {
+  version     = "1.3.0"
+  constraints = "~> 1.3"
+  hashes = [
+    "h1:T3DszgOa/75SiiONgEDRujpN5rSqIw9TvFZXHjpqMB4=",
+    "zh:115aa6bc7825402a8d4e2e954378a9f48e4fdbeabe081ffd04e0a2f6786159bb",
+    "zh:21f731ffac20a67615c64a7a8a96949c971ee28ffd5807d8c299faba73b5e273",
+    "zh:2e81b58e141b175cbf801ade5e87c5db4cb28933216b0547ef32c95500385904",
+    "zh:3acbb96fd142b4d193dc18861340281249301368029169e346d15410d0572492",
+    "zh:4346edee0dfe97154b6f28d9ef0fa762131db92b78bbd1b3207945201cb59818",
+    "zh:93916a84cc6ff6778456dd170a657326c4dd3a86b4434e424a66a87c2535b888",
+    "zh:ade675c3ac8b9ec91131bac5881fbd4efad46a3683f2fea2efb9493a2c1b9ffb",
+    "zh:b0a0cb13fc850903aa7a057ae7e06366939b8f347926dce1137cd47b9123ad93",
+    "zh:d6d838cceffb7f3ff27fb9b51d78fccdef15bd32408f33a726556bfe66315bd3",
+    "zh:ddc4ac6aea6537f8096ffeb8ff3bca355f0972793184e0f6df120aa6460b4446",
+    "zh:e0d1213625d40d124bd9570f0d92907416f8d61bc8c389c776e72c0a97020cce",
+    "zh:eb707b69f9093b97d98e2dece9822852a27849dd1627d35302e8d6b9801407ef",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version = "4.66.1"
+  hashes = [
+    "h1:D/qzK7fE3pgdg25W1u5GqI+VILy8UmhzXruz6c8rJ7g=",
+    "zh:001c707174b7d6bf89a96cf806f925bb852d1a285fb80b81222cbeb4743bcb79",
+    "zh:19bc6ac0a7fd1c564fd56c536f1743f71a5e7ca724e21ea51a6a79218939733d",
+    "zh:3dac5c27f40b511239e9fe6f97dc0b6c95f630ba328001820ddc764e766a5ca2",
+    "zh:49092c92e2565db4cd4c98ec6878386e6957525d3392b63f0d5df4c48a7c1913",
+    "zh:4f9e2e1d0c5365a4e6689096cc91ba88ca9c0dc7c633377ba674c1dd856b6a9f",
+    "zh:57e32bb454f2dc17d5631a9559e36188761d8ae95a452478f81f41bb568a3a42",
+    "zh:678b78ba629dd833f0705ac90630969f514a54013ab9713ce7ceda55fc5ea138",
+    "zh:8aab1d76348cf2a685f72382cb838a910b77353179e81ab5794b9c45c8fb36a3",
+    "zh:8b6791bf0948aa8b49258863992a8ad7e7332dcae1a889e86da0e5ab778dc3b6",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:a36f2777452c2cebdaa8a27378416d512ead367acc078a671bb12276dd4bc9dd",
+    "zh:c492e6f685882fad6481f4793e696d9e1b01aaae419225c2db0a484b632d1cac",
+    "zh:d4418e0d1d18e321db364a91d7a768e274bb0fb46df9f3cb5b9debb2bb6917b9",
+    "zh:d5b4310ef2b2ec22ae14cf909deb1231b56bdd79dc2b51e5db4e46a05e0110c4",
+    "zh:dedfb01e26b34fb61a52b7e953b8bf5d7a69971187e91697b67221298bbed377",
+  ]
+}

terraform/aws_iam/main.tf

@@ -0,0 +1,10 @@
+provider "aws" {
+  region = "ap-northeast-2"
+}
+
+terraform {
+  required_providers {
+    archive = "~> 1.3"
+  }
+}
+

terraform/aws_iam/policy.tf

@@ -0,0 +1,81 @@
+locals {
+  services = {
+    "S3"             : "s3",
+    "EFS"            : "elasticfilesystem",
+    "EC2"            : "ec2",
+    "Autoscaling"    : "autoscaling",
+    "ELB"            : "elasticloadbalancing",
+    "VPC"            : "ec2",
+    "Route53"        : "route53",
+    "Lambda"         : "lambda",
+    "CloudWatch"     : "cloudwatch",
+    "CloudTrail"     : "cloudtrail",
+    "KMS"            : "kms",
+    "CloudFormation" : "cloudformation"
+  }
+}
+
+resource "aws_iam_policy" "read_only" {
+  for_each = local.services
+
+  name   = "${each.key}_ReadOnly_Access"
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+          "${each.value}:List*",
+          "${each.value}:Get*",
+          "${each.value}:Describe*"
+        ],
+        Effect   = "Allow",
+        Resource = "*"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_policy" "full_access" {
+  for_each = local.services
+
+  name   = "${each.key}_Full_Access"
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+          "${each.value}:*"
+        ],
+        Effect   = "Allow",
+        Resource = "*"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_group" "read_only" {
+  for_each = local.services
+
+  name   = "${each.key}_ReadOnly_Access_Group"
+}
+
+resource "aws_iam_group_policy_attachment" "read_only" {
+  for_each = aws_iam_group.read_only
+
+  group      = each.value.name
+  policy_arn = aws_iam_policy.read_only[each.key].arn
+}
+
+resource "aws_iam_group" "full_access" {
+  for_each = local.services
+
+  name   = "${each.key}_Full_Access_Group"
+}
+
+resource "aws_iam_group_policy_attachment" "full_access" {
+  for_each = aws_iam_group.full_access
+
+  group      = each.value.name
+  policy_arn = aws_iam_policy.full_access[each.key].arn
+}
+

terraform/aws_iam/terraform.tfstate.backup

@@ -0,0 +1,9 @@
+{
+  "version": 4,
+  "terraform_version": "1.3.7",
+  "serial": 580,
+  "lineage": "757d2b20-88b9-4a16-2150-6bd77f71aa53",
+  "outputs": {},
+  "resources": [],
+  "check_results": null
+}

terraform/aws_iam/variables.tf

@@ -0,0 +1,35 @@
+#---------------------------------------------------------------#
+# Network ID
+
+variable "VPC_ID" {
+  default = "vpc-00ba2b0e9ad59f0ed"
+}
+
+variable "Network_CIDR" {
+  default = "172.24.0.0/19"
+}
+
+variable "Private_Subnet_ID_1" {
+  default = "subnet-024f0deda82039fa4"
+}
+
+variable "Private_Subnet_ID_2" {
+  default = "subnet-050d942fa1c46540a"
+}
+
+variable "Private_Subnet_ID_3" {
+  default = "subnet-0946eb806af7377be"
+}
+
+variable "Public_Subnet_ID_1" {
+  default = "subnet-00c363356f133411d"
+}
+
+variable "Public_Subnet_ID_2" {
+  default = "subnet-07aa5e879a262014d"
+}
+
+variable "Public_Subnet_ID_3" {
+  default = "subnet-0073a61bc56a68a3e"
+}
+