diff --git a/terraform/aws_iam/policy.tf b/terraform/aws_iam/policy.tf index 7297d2e..f336e69 100644 --- a/terraform/aws_iam/policy.tf +++ b/terraform/aws_iam/policy.tf @@ -1,13 +1,11 @@ locals { services = { - "S3" : "s3", - "EFS" : "elasticfilesystem", - "EC2" : "ec2", - "Route53" : "route53", - "Lambda" : "lambda", - "CloudWatch" : "cloudwatch", - "CloudTrail" : "cloudtrail" - "Logs" : "logs" + "CloudWatch" : "cloudwatch", + "CloudTrail" : "cloudtrail", + "Logs" : "logs", + "S3" : "s3", + "Ec2" : "ec2", + "Sqs" : "sqs" } } @@ -74,4 +72,3 @@ resource "aws_iam_group_policy_attachment" "full_access" { group = each.value.name policy_arn = aws_iam_policy.full_access[each.key].arn } - diff --git a/terraform/aws_iam/terraform.tfstate b/terraform/aws_iam/terraform.tfstate index 703ec2c..a8f5220 100644 --- a/terraform/aws_iam/terraform.tfstate +++ b/terraform/aws_iam/terraform.tfstate @@ -1,9 +1,18 @@ { "version": 4, - "terraform_version": "1.3.7", - "serial": 701, + "terraform_version": "1.4.6", + "serial": 785, "lineage": "757d2b20-88b9-4a16-2150-6bd77f71aa53", - "outputs": {}, + "outputs": { + "bypark_password": { + "value": [], + "type": [ + "tuple", + [] + ], + "sensitive": true + } + }, "resources": [ { "mode": "managed", @@ -19,7 +28,7 @@ "id": "CloudTrail_Full_Access_Group", "name": "CloudTrail_Full_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TARHMCHENK6" + "unique_id": "AGPAXMVVF3TA623FQKNMU" }, "sensitive_attributes": [], "private": "bnVsbA==" 
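Review bot: Re-keying the `services` map in terraform/aws_iam/policy.tf from `"EC2"` to `"Ec2"` is not a cosmetic rename, because the key becomes part of the IAM group and policy names. The state in this commit shows `Ec2_Full_Access_Group` replacing `EC2_Full_Access_Group` with a new `unique_id`, so the apply deletes and recreates those objects, and any membership or attachment made outside this configuration is presumably lost. A comment above the map would make that visible to the next editor, for example `# Keys become IAM names (<Key>_Full_Access, <Key>_ReadOnly_Access); renaming a key replaces the group and policy.` Each entry also produces a `<service>:*` policy on `"Resource": "*"` (visible in the state), so the new `"Sqs"` entry grants `sqs:*` on every queue in the account; scoping the resource or adding a permissions boundary is worth considering. The resources that consume `local.services` are outside this hunk.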
@@ -32,46 +41,20 @@ "id": "CloudWatch_Full_Access_Group", "name": "CloudWatch_Full_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TATSL6XWSWS" + "unique_id": "AGPAXMVVF3TARP2XD6BSE" }, "sensitive_attributes": [], "private": "bnVsbA==" }, { - "index_key": "EC2", + "index_key": "Ec2", "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::508259851457:group/EC2_Full_Access_Group", - "id": "EC2_Full_Access_Group", - "name": "EC2_Full_Access_Group", + "arn": "arn:aws:iam::508259851457:group/Ec2_Full_Access_Group", + "id": "Ec2_Full_Access_Group", + "name": "Ec2_Full_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TAWVRAXFSZN" - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "EFS", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:group/EFS_Full_Access_Group", - "id": "EFS_Full_Access_Group", - "name": "EFS_Full_Access_Group", - "path": "/", - "unique_id": "AGPAXMVVF3TA3NHH2LSWE" - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "Lambda", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:group/Lambda_Full_Access_Group", - "id": "Lambda_Full_Access_Group", - "name": "Lambda_Full_Access_Group", - "path": "/", - "unique_id": "AGPAXMVVF3TA4447WTA7O" + "unique_id": "AGPAXMVVF3TAVMNBJPA5W" }, "sensitive_attributes": [], "private": "bnVsbA==" @@ -84,20 +67,7 @@ "id": "Logs_Full_Access_Group", "name": "Logs_Full_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TAW6MCBAETP" - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "Route53", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:group/Route53_Full_Access_Group", - "id": "Route53_Full_Access_Group", - "name": "Route53_Full_Access_Group", - "path": "/", - "unique_id": "AGPAXMVVF3TAU6Q75T4KR" + "unique_id": "AGPAXMVVF3TAY7W4U7VBX" }, "sensitive_attributes": [], "private": "bnVsbA==" 
@@ -110,7 +80,20 @@ "id": "S3_Full_Access_Group", "name": "S3_Full_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TAVOEQDWJTF" + "unique_id": "AGPAXMVVF3TA4JNQAGBSN" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + }, + { + "index_key": "Sqs", + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:group/Sqs_Full_Access_Group", + "id": "Sqs_Full_Access_Group", + "name": "Sqs_Full_Access_Group", + "path": "/", + "unique_id": "AGPAXMVVF3TAUT2BUOIPE" }, "sensitive_attributes": [], "private": "bnVsbA==" @@ -150,40 +133,14 @@ "private": "bnVsbA==" }, { - "index_key": "EC2", + "index_key": "Ec2", "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::508259851457:group/EC2_ReadOnly_Access_Group", - "id": "EC2_ReadOnly_Access_Group", - "name": "EC2_ReadOnly_Access_Group", + "arn": "arn:aws:iam::508259851457:group/Ec2_ReadOnly_Access_Group", + "id": "Ec2_ReadOnly_Access_Group", + "name": "Ec2_ReadOnly_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TA6SQQKP3FI" - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "EFS", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:group/EFS_ReadOnly_Access_Group", - "id": "EFS_ReadOnly_Access_Group", - "name": "EFS_ReadOnly_Access_Group", - "path": "/", - "unique_id": "AGPAXMVVF3TAUX2TUR77F" - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "Lambda", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:group/Lambda_ReadOnly_Access_Group", - "id": "Lambda_ReadOnly_Access_Group", - "name": "Lambda_ReadOnly_Access_Group", - "path": "/", - "unique_id": "AGPAXMVVF3TA37JEABZXM" + "unique_id": "AGPAXMVVF3TAUF5H5H4YY" }, "sensitive_attributes": [], "private": "bnVsbA==" 
@@ -201,19 +158,6 @@ "sensitive_attributes": [], "private": "bnVsbA==" }, - { - "index_key": "Route53", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:group/Route53_ReadOnly_Access_Group", - "id": "Route53_ReadOnly_Access_Group", - "name": "Route53_ReadOnly_Access_Group", - "path": "/", - "unique_id": "AGPAXMVVF3TAZ7YWIQMAB" - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, { "index_key": "S3", "schema_version": 0, @@ -222,7 +166,20 @@ "id": "S3_ReadOnly_Access_Group", "name": "S3_ReadOnly_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TA2U5VN542E" + "unique_id": "AGPAXMVVF3TA46ZZ6TCUN" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + }, + { + "index_key": "Sqs", + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:group/Sqs_ReadOnly_Access_Group", + "id": "Sqs_ReadOnly_Access_Group", + "name": "Sqs_ReadOnly_Access_Group", + "path": "/", + "unique_id": "AGPAXMVVF3TATXM6AF2K3" }, "sensitive_attributes": [], "private": "bnVsbA==" @@ -240,7 +197,7 @@ "schema_version": 0, "attributes": { "group": "CloudTrail_Full_Access_Group", - "id": "CloudTrail_Full_Access_Group-20230509124530613200000012", + "id": "CloudTrail_Full_Access_Group-20230808011214157000000007", "policy_arn": "arn:aws:iam::508259851457:policy/CloudTrail_Full_Access" }, "sensitive_attributes": [], @@ -255,7 +212,7 @@ "schema_version": 0, "attributes": { "group": "CloudWatch_Full_Access_Group", - "id": "CloudWatch_Full_Access_Group-20230509124531008500000016", + "id": "CloudWatch_Full_Access_Group-20230808011214157900000008", "policy_arn": "arn:aws:iam::508259851457:policy/CloudWatch_Full_Access" }, "sensitive_attributes": [], 
@@ -266,42 +223,12 @@ ] }, { - "index_key": "EC2", + "index_key": "Ec2", "schema_version": 0, "attributes": { - "group": "EC2_Full_Access_Group", - "id": "EC2_Full_Access_Group-2023050912453057880000000e", - "policy_arn": "arn:aws:iam::508259851457:policy/EC2_Full_Access" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_iam_group.full_access", - "aws_iam_policy.full_access" - ] - }, - { - "index_key": "EFS", - "schema_version": 0, - "attributes": { - "group": "EFS_Full_Access_Group", - "id": "EFS_Full_Access_Group-20230509124530993200000015", - "policy_arn": "arn:aws:iam::508259851457:policy/EFS_Full_Access" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_iam_group.full_access", - "aws_iam_policy.full_access" - ] - }, - { - "index_key": "Lambda", - "schema_version": 0, - "attributes": { - "group": "Lambda_Full_Access_Group", - "id": "Lambda_Full_Access_Group-20230509124531068800000017", - "policy_arn": "arn:aws:iam::508259851457:policy/Lambda_Full_Access" + "group": "Ec2_Full_Access_Group", + "id": "Ec2_Full_Access_Group-20230808011214139600000005", + "policy_arn": "arn:aws:iam::508259851457:policy/Ec2_Full_Access" }, "sensitive_attributes": [], "private": "bnVsbA==", @@ -315,7 +242,7 @@ "schema_version": 0, "attributes": { "group": "Logs_Full_Access_Group", - "id": "Logs_Full_Access_Group-20230517065650690000000002", + "id": "Logs_Full_Access_Group-20230808011214142500000006", "policy_arn": "arn:aws:iam::508259851457:policy/Logs_Full_Access" }, "sensitive_attributes": [], 
@@ -325,27 +252,12 @@ "aws_iam_policy.full_access" ] }, - { - "index_key": "Route53", - "schema_version": 0, - "attributes": { - "group": "Route53_Full_Access_Group", - "id": "Route53_Full_Access_Group-20230509124530592000000010", - "policy_arn": "arn:aws:iam::508259851457:policy/Route53_Full_Access" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_iam_group.full_access", - "aws_iam_policy.full_access" - ] - }, { "index_key": "S3", "schema_version": 0, "attributes": { "group": "S3_Full_Access_Group", - "id": "S3_Full_Access_Group-20230509124530601100000011", + "id": "S3_Full_Access_Group-20230808011214137700000004", "policy_arn": "arn:aws:iam::508259851457:policy/S3_Full_Access" }, "sensitive_attributes": [], @@ -354,6 +266,21 @@ "aws_iam_group.full_access", "aws_iam_policy.full_access" ] + }, + { + "index_key": "Sqs", + "schema_version": 0, + "attributes": { + "group": "Sqs_Full_Access_Group", + "id": "Sqs_Full_Access_Group-20230808014232527900000001", + "policy_arn": "arn:aws:iam::508259851457:policy/Sqs_Full_Access" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_group.full_access", + "aws_iam_policy.full_access" + ] } ] }, 
@@ -394,42 +321,12 @@ ] }, { - "index_key": "EC2", + "index_key": "Ec2", "schema_version": 0, "attributes": { - "group": "EC2_ReadOnly_Access_Group", - "id": "EC2_ReadOnly_Access_Group-20230509124529978000000001", - "policy_arn": "arn:aws:iam::508259851457:policy/EC2_ReadOnly_Access" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_iam_group.read_only", - "aws_iam_policy.read_only" - ] - }, - { - "index_key": "EFS", - "schema_version": 0, - "attributes": { - "group": "EFS_ReadOnly_Access_Group", - "id": "EFS_ReadOnly_Access_Group-2023050912453052350000000b", - "policy_arn": "arn:aws:iam::508259851457:policy/EFS_ReadOnly_Access" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_iam_group.read_only", - "aws_iam_policy.read_only" - ] - }, - { - "index_key": "Lambda", - "schema_version": 0, - "attributes": { - "group": "Lambda_ReadOnly_Access_Group", - "id": "Lambda_ReadOnly_Access_Group-20230509124529989800000006", - "policy_arn": "arn:aws:iam::508259851457:policy/Lambda_ReadOnly_Access" + "group": "Ec2_ReadOnly_Access_Group", + "id": "Ec2_ReadOnly_Access_Group-20230808011213547500000002", + "policy_arn": "arn:aws:iam::508259851457:policy/Ec2_ReadOnly_Access" }, "sensitive_attributes": [], "private": "bnVsbA==", @@ -454,12 +351,12 @@ ] }, { - "index_key": "Route53", + "index_key": "S3", "schema_version": 0, "attributes": { - "group": "Route53_ReadOnly_Access_Group", - "id": "Route53_ReadOnly_Access_Group-20230509124529978100000002", - "policy_arn": "arn:aws:iam::508259851457:policy/Route53_ReadOnly_Access" + "group": "S3_ReadOnly_Access_Group", + "id": "S3_ReadOnly_Access_Group-20230808011213547400000001", + "policy_arn": "arn:aws:iam::508259851457:policy/S3_ReadOnly_Access" }, "sensitive_attributes": [], "private": "bnVsbA==", 
@@ -469,12 +366,12 @@ ] }, { - "index_key": "S3", + "index_key": "Sqs", "schema_version": 0, "attributes": { - "group": "S3_ReadOnly_Access_Group", - "id": "S3_ReadOnly_Access_Group-20230509124530027000000007", - "policy_arn": "arn:aws:iam::508259851457:policy/S3_ReadOnly_Access" + "group": "Sqs_ReadOnly_Access_Group", + "id": "Sqs_ReadOnly_Access_Group-20230808014232736500000002", + "policy_arn": "arn:aws:iam::508259851457:policy/Sqs_ReadOnly_Access" }, "sensitive_attributes": [], "private": "bnVsbA==", 
@@ -528,53 +425,17 @@ "private": "bnVsbA==" }, { - "index_key": "EC2", + "index_key": "Ec2", "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::508259851457:policy/EC2_Full_Access", + "arn": "arn:aws:iam::508259851457:policy/Ec2_Full_Access", "description": "", - "id": "arn:aws:iam::508259851457:policy/EC2_Full_Access", - "name": "EC2_Full_Access", + "id": "arn:aws:iam::508259851457:policy/Ec2_Full_Access", + "name": "Ec2_Full_Access", "name_prefix": "", "path": "/", "policy": "{\"Statement\":[{\"Action\":[\"ec2:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAU3A63OC6I", - "tags": {}, - "tags_all": {} - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "EFS", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:policy/EFS_Full_Access", - "description": "", - "id": "arn:aws:iam::508259851457:policy/EFS_Full_Access", - "name": "EFS_Full_Access", - "name_prefix": "", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"elasticfilesystem:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAW6RESROQ5", - "tags": {}, - "tags_all": {} - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "Lambda", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:policy/Lambda_Full_Access", - "description": "", - "id": "arn:aws:iam::508259851457:policy/Lambda_Full_Access", - "name": "Lambda_Full_Access", - "name_prefix": "", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"lambda:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAUFHETI3HL", + "policy_id": "ANPAXMVVF3TAVWW5CCHNN", "tags": {}, "tags_all": {} }, 
@@ -599,24 +460,6 @@ "sensitive_attributes": [], "private": "bnVsbA==" }, - { - "index_key": "Route53", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:policy/Route53_Full_Access", - "description": "", - "id": "arn:aws:iam::508259851457:policy/Route53_Full_Access", - "name": "Route53_Full_Access", - "name_prefix": "", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"route53:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAQTWENY6ZH", - "tags": {}, - "tags_all": {} - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, { "index_key": "S3", "schema_version": 0, @@ -628,7 +471,25 @@ "name_prefix": "", "path": "/", "policy": "{\"Statement\":[{\"Action\":[\"s3:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TA5AKVY6OPF", + "policy_id": "ANPAXMVVF3TAQW7UNRK7I", + "tags": {}, + "tags_all": {} + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + }, + { + "index_key": "Sqs", + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:policy/Sqs_Full_Access", + "description": "", + "id": "arn:aws:iam::508259851457:policy/Sqs_Full_Access", + "name": "Sqs_Full_Access", + "name_prefix": "", + "path": "/", + "policy": "{\"Statement\":[{\"Action\":[\"sqs:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAXMVVF3TAUS3JANM5M", "tags": {}, "tags_all": {} }, 
@@ -680,53 +541,17 @@ "private": "bnVsbA==" }, { - "index_key": "EC2", + "index_key": "Ec2", "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::508259851457:policy/EC2_ReadOnly_Access", + "arn": "arn:aws:iam::508259851457:policy/Ec2_ReadOnly_Access", "description": "", - "id": "arn:aws:iam::508259851457:policy/EC2_ReadOnly_Access", - "name": "EC2_ReadOnly_Access", + "id": "arn:aws:iam::508259851457:policy/Ec2_ReadOnly_Access", + "name": "Ec2_ReadOnly_Access", "name_prefix": "", "path": "/", "policy": "{\"Statement\":[{\"Action\":[\"ec2:List*\",\"ec2:Get*\",\"ec2:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAUN6BACP2Y", - "tags": {}, - "tags_all": {} - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "EFS", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:policy/EFS_ReadOnly_Access", - "description": "", - "id": "arn:aws:iam::508259851457:policy/EFS_ReadOnly_Access", - "name": "EFS_ReadOnly_Access", - "name_prefix": "", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"elasticfilesystem:List*\",\"elasticfilesystem:Get*\",\"elasticfilesystem:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAVXRQVNLS5", - "tags": {}, - "tags_all": {} - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "Lambda", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:policy/Lambda_ReadOnly_Access", - "description": "", - "id": "arn:aws:iam::508259851457:policy/Lambda_ReadOnly_Access", - "name": "Lambda_ReadOnly_Access", - "name_prefix": "", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"lambda:List*\",\"lambda:Get*\",\"lambda:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TATA6PKAWKB", + "policy_id": "ANPAXMVVF3TA53OJDD2CI", "tags": {}, "tags_all": {} }, 
@@ -751,24 +576,6 @@ "sensitive_attributes": [], "private": "bnVsbA==" }, - { - "index_key": "Route53", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:policy/Route53_ReadOnly_Access", - "description": "", - "id": "arn:aws:iam::508259851457:policy/Route53_ReadOnly_Access", - "name": "Route53_ReadOnly_Access", - "name_prefix": "", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"route53:List*\",\"route53:Get*\",\"route53:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TARCWD3MFPD", - "tags": {}, - "tags_all": {} - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, { "index_key": "S3", "schema_version": 0, @@ -780,7 +587,25 @@ "name_prefix": "", "path": "/", "policy": "{\"Statement\":[{\"Action\":[\"s3:List*\",\"s3:Get*\",\"s3:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAYU3FSMCE7", + "policy_id": "ANPAXMVVF3TAUHGGAQYRH", + "tags": {}, + "tags_all": {} + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + }, + { + "index_key": "Sqs", + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:policy/Sqs_ReadOnly_Access", + "description": "", + "id": "arn:aws:iam::508259851457:policy/Sqs_ReadOnly_Access", + "name": "Sqs_ReadOnly_Access", + "name_prefix": "", + "path": "/", + "policy": "{\"Statement\":[{\"Action\":[\"sqs:List*\",\"sqs:Get*\",\"sqs:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAXMVVF3TA2ODI5SLWY", "tags": {}, "tags_all": {} }, 
@@ -792,21 +617,106 @@ { "mode": "managed", "type": "aws_iam_user", - "name": "cloudwatch", + "name": "app", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { + "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::508259851457:user/grafana-cloudwatch", + "arn": "arn:aws:iam::508259851457:user/system/grafana-cloudwatch", "force_destroy": false, "id": "grafana-cloudwatch", "name": "grafana-cloudwatch", - "path": "/", + "path": "/system/", "permissions_boundary": null, "tags": {}, "tags_all": {}, - "unique_id": "AIDAXMVVF3TA6JCPVKDMO" + "unique_id": "AIDAXMVVF3TA2SX6BGKZ4" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:user/system/argo-workflow", + "force_destroy": false, + "id": "argo-workflow", + "name": "argo-workflow", + "path": "/system/", + "permissions_boundary": null, + "tags": {}, + "tags_all": {}, + "unique_id": "AIDAXMVVF3TAY3JZ3EPXL" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_user", + "name": "dev2", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:user/system/user1", + "force_destroy": false, + "id": "user1", + "name": "user1", + "path": "/system/", + "permissions_boundary": null, + "tags": {}, + "tags_all": {}, + "unique_id": "AIDAXMVVF3TA55RL4GOYD" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:user/system/user2", + "force_destroy": false, + "id": "user2", + "name": "user2", + "path": "/system/", + "permissions_boundary": null, + "tags": {}, + "tags_all": {}, + "unique_id": "AIDAXMVVF3TAXFXW2JU3R" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, 
+ { + "mode": "managed", + "type": "aws_iam_user", + "name": "tmp", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:user/system/bypark", + "force_destroy": false, + "id": "bypark", + "name": "bypark", + "path": "/system/", + "permissions_boundary": null, + "tags": {}, + "tags_all": {}, + "unique_id": "AIDAXMVVF3TAQDL7S4ZC7" }, "sensitive_attributes": [], "private": "bnVsbA==" @@ -816,10 +726,11 @@ { "mode": "managed", "type": "aws_iam_user_group_membership", - "name": "cloudwatch", + "name": "app_group_membership", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { + "index_key": 0, "schema_version": 0, "attributes": { "groups": [ 
@@ -827,13 +738,82 @@ "CloudWatch_ReadOnly_Access_Group", "Logs_ReadOnly_Access_Group" ], - "id": "terraform-20230517055242040800000001", + "id": "terraform-20230808014606188700000002", "user": "grafana-cloudwatch" }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ - "aws_iam_user.cloudwatch" + "aws_iam_user.app" + ] + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "groups": [ + "Ec2_ReadOnly_Access_Group", + "S3_Full_Access_Group" + ], + "id": "terraform-20230808014605996800000001", + "user": "argo-workflow" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_user.app" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_user_group_membership", + "name": "tmp_group_membership", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "groups": [ + "S3_Full_Access_Group", + "Sqs_Full_Access_Group" + ], + "id": "terraform-20230808015151063800000001", + "user": "bypark" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_user.tmp" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_user_login_profile", + "name": "bypark_login", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "encrypted_password": null, + "id": "user1", + "key_fingerprint": null, + "password": "DYSHckbG'7d!4Ko{y}wf", + "password_length": 20, + "password_reset_required": false, + "pgp_key": null, + "user": "user1" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_user.dev2" ] } ] diff --git a/terraform/aws_iam/terraform.tfstate.backup b/terraform/aws_iam/terraform.tfstate.backup index eb2afa2..d21897b 100644 --- a/terraform/aws_iam/terraform.tfstate.backup +++ b/terraform/aws_iam/terraform.tfstate.backup 
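Review bot: The added `aws_iam_user_login_profile` instance in terraform.tfstate stores the console password for `user1` in cleartext in its `password` attribute, with `pgp_key` and `encrypted_password` null, `password_reset_required` false and an empty `sensitive_attributes` list, so this commit publishes a usable credential next to the account ID and user ARNs. Treat that password as exposed: rotate it, remove `terraform.tfstate` and `terraform.tfstate.backup` from the repository and its history, ignore `*.tfstate` and `*.tfstate.*` in `.gitignore`, and keep state in an encrypted, access-controlled remote backend. In the configuration, set `pgp_key` on the login profile so that only `encrypted_password` is recorded, and set `password_reset_required = true`. The resource is named `bypark_login` but is bound to `user1` through `aws_iam_user.dev2`, and the `bypark_password` output is an empty tuple, which looks like a wrong user reference; confirm against the `.tf` source, which is not part of this diff.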
@@ -1,9 +1,18 @@ { "version": 4, - "terraform_version": "1.3.7", - "serial": 699, + "terraform_version": "1.4.6", + "serial": 783, "lineage": "757d2b20-88b9-4a16-2150-6bd77f71aa53", - "outputs": {}, + "outputs": { + "bypark_password": { + "value": [], + "type": [ + "tuple", + [] + ], + "sensitive": true + } + }, "resources": [ { "mode": "managed", @@ -19,7 +28,7 @@ "id": "CloudTrail_Full_Access_Group", "name": "CloudTrail_Full_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TARHMCHENK6" + "unique_id": "AGPAXMVVF3TA623FQKNMU" }, "sensitive_attributes": [], "private": "bnVsbA==" @@ -32,46 +41,20 @@ "id": "CloudWatch_Full_Access_Group", "name": "CloudWatch_Full_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TATSL6XWSWS" + "unique_id": "AGPAXMVVF3TARP2XD6BSE" }, "sensitive_attributes": [], "private": "bnVsbA==" }, { - "index_key": "EC2", + "index_key": "Ec2", "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::508259851457:group/EC2_Full_Access_Group", - "id": "EC2_Full_Access_Group", - "name": "EC2_Full_Access_Group", + "arn": "arn:aws:iam::508259851457:group/Ec2_Full_Access_Group", + "id": "Ec2_Full_Access_Group", + "name": "Ec2_Full_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TAWVRAXFSZN" - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "EFS", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:group/EFS_Full_Access_Group", - "id": "EFS_Full_Access_Group", - "name": "EFS_Full_Access_Group", - "path": "/", - "unique_id": "AGPAXMVVF3TA3NHH2LSWE" - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "Lambda", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:group/Lambda_Full_Access_Group", - "id": "Lambda_Full_Access_Group", - "name": "Lambda_Full_Access_Group", - "path": "/", - "unique_id": "AGPAXMVVF3TA4447WTA7O" + "unique_id": "AGPAXMVVF3TAVMNBJPA5W" }, "sensitive_attributes": [], "private": "bnVsbA==" 
@@ -84,20 +67,7 @@ "id": "Logs_Full_Access_Group", "name": "Logs_Full_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TAW6MCBAETP" - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "Route53", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:group/Route53_Full_Access_Group", - "id": "Route53_Full_Access_Group", - "name": "Route53_Full_Access_Group", - "path": "/", - "unique_id": "AGPAXMVVF3TAU6Q75T4KR" + "unique_id": "AGPAXMVVF3TAY7W4U7VBX" }, "sensitive_attributes": [], "private": "bnVsbA==" @@ -110,7 +80,20 @@ "id": "S3_Full_Access_Group", "name": "S3_Full_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TAVOEQDWJTF" + "unique_id": "AGPAXMVVF3TA4JNQAGBSN" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + }, + { + "index_key": "Sqs", + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:group/Sqs_Full_Access_Group", + "id": "Sqs_Full_Access_Group", + "name": "Sqs_Full_Access_Group", + "path": "/", + "unique_id": "AGPAXMVVF3TAUT2BUOIPE" }, "sensitive_attributes": [], "private": "bnVsbA==" 
@@ -150,40 +133,14 @@ "private": "bnVsbA==" }, { - "index_key": "EC2", + "index_key": "Ec2", "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::508259851457:group/EC2_ReadOnly_Access_Group", - "id": "EC2_ReadOnly_Access_Group", - "name": "EC2_ReadOnly_Access_Group", + "arn": "arn:aws:iam::508259851457:group/Ec2_ReadOnly_Access_Group", + "id": "Ec2_ReadOnly_Access_Group", + "name": "Ec2_ReadOnly_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TA6SQQKP3FI" - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "EFS", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:group/EFS_ReadOnly_Access_Group", - "id": "EFS_ReadOnly_Access_Group", - "name": "EFS_ReadOnly_Access_Group", - "path": "/", - "unique_id": "AGPAXMVVF3TAUX2TUR77F" - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "Lambda", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:group/Lambda_ReadOnly_Access_Group", - "id": "Lambda_ReadOnly_Access_Group", - "name": "Lambda_ReadOnly_Access_Group", - "path": "/", - "unique_id": "AGPAXMVVF3TA37JEABZXM" + "unique_id": "AGPAXMVVF3TAUF5H5H4YY" }, "sensitive_attributes": [], "private": "bnVsbA==" @@ -201,19 +158,6 @@ "sensitive_attributes": [], "private": "bnVsbA==" }, - { - "index_key": "Route53", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:group/Route53_ReadOnly_Access_Group", - "id": "Route53_ReadOnly_Access_Group", - "name": "Route53_ReadOnly_Access_Group", - "path": "/", - "unique_id": "AGPAXMVVF3TAZ7YWIQMAB" - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, { "index_key": "S3", "schema_version": 0, 
@@ -222,7 +166,20 @@ "id": "S3_ReadOnly_Access_Group", "name": "S3_ReadOnly_Access_Group", "path": "/", - "unique_id": "AGPAXMVVF3TA2U5VN542E" + "unique_id": "AGPAXMVVF3TA46ZZ6TCUN" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + }, + { + "index_key": "Sqs", + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:group/Sqs_ReadOnly_Access_Group", + "id": "Sqs_ReadOnly_Access_Group", + "name": "Sqs_ReadOnly_Access_Group", + "path": "/", + "unique_id": "AGPAXMVVF3TATXM6AF2K3" }, "sensitive_attributes": [], "private": "bnVsbA==" @@ -240,7 +197,7 @@ "schema_version": 0, "attributes": { "group": "CloudTrail_Full_Access_Group", - "id": "CloudTrail_Full_Access_Group-20230509124530613200000012", + "id": "CloudTrail_Full_Access_Group-20230808011214157000000007", "policy_arn": "arn:aws:iam::508259851457:policy/CloudTrail_Full_Access" }, "sensitive_attributes": [], @@ -255,7 +212,7 @@ "schema_version": 0, "attributes": { "group": "CloudWatch_Full_Access_Group", - "id": "CloudWatch_Full_Access_Group-20230509124531008500000016", + "id": "CloudWatch_Full_Access_Group-20230808011214157900000008", "policy_arn": "arn:aws:iam::508259851457:policy/CloudWatch_Full_Access" }, "sensitive_attributes": [], 
@@ -266,42 +223,12 @@ ] }, { - "index_key": "EC2", + "index_key": "Ec2", "schema_version": 0, "attributes": { - "group": "EC2_Full_Access_Group", - "id": "EC2_Full_Access_Group-2023050912453057880000000e", - "policy_arn": "arn:aws:iam::508259851457:policy/EC2_Full_Access" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_iam_group.full_access", - "aws_iam_policy.full_access" - ] - }, - { - "index_key": "EFS", - "schema_version": 0, - "attributes": { - "group": "EFS_Full_Access_Group", - "id": "EFS_Full_Access_Group-20230509124530993200000015", - "policy_arn": "arn:aws:iam::508259851457:policy/EFS_Full_Access" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_iam_group.full_access", - "aws_iam_policy.full_access" - ] - }, - { - "index_key": "Lambda", - "schema_version": 0, - "attributes": { - "group": "Lambda_Full_Access_Group", - "id": "Lambda_Full_Access_Group-20230509124531068800000017", - "policy_arn": "arn:aws:iam::508259851457:policy/Lambda_Full_Access" + "group": "Ec2_Full_Access_Group", + "id": "Ec2_Full_Access_Group-20230808011214139600000005", + "policy_arn": "arn:aws:iam::508259851457:policy/Ec2_Full_Access" }, "sensitive_attributes": [], "private": "bnVsbA==", @@ -315,7 +242,7 @@ "schema_version": 0, "attributes": { "group": "Logs_Full_Access_Group", - "id": "Logs_Full_Access_Group-20230517065650690000000002", + "id": "Logs_Full_Access_Group-20230808011214142500000006", "policy_arn": "arn:aws:iam::508259851457:policy/Logs_Full_Access" }, "sensitive_attributes": [], 
@@ -325,27 +252,12 @@ "aws_iam_policy.full_access" ] }, - { - "index_key": "Route53", - "schema_version": 0, - "attributes": { - "group": "Route53_Full_Access_Group", - "id": "Route53_Full_Access_Group-20230509124530592000000010", - "policy_arn": "arn:aws:iam::508259851457:policy/Route53_Full_Access" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_iam_group.full_access", - "aws_iam_policy.full_access" - ] - }, { "index_key": "S3", "schema_version": 0, "attributes": { "group": "S3_Full_Access_Group", - "id": "S3_Full_Access_Group-20230509124530601100000011", + "id": "S3_Full_Access_Group-20230808011214137700000004", "policy_arn": "arn:aws:iam::508259851457:policy/S3_Full_Access" }, "sensitive_attributes": [], @@ -354,6 +266,21 @@ "aws_iam_group.full_access", "aws_iam_policy.full_access" ] + }, + { + "index_key": "Sqs", + "schema_version": 0, + "attributes": { + "group": "Sqs_Full_Access_Group", + "id": "Sqs_Full_Access_Group-20230808014232527900000001", + "policy_arn": "arn:aws:iam::508259851457:policy/Sqs_Full_Access" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_group.full_access", + "aws_iam_policy.full_access" + ] } ] }, 
@@ -394,42 +321,12 @@ ] }, { - "index_key": "EC2", + "index_key": "Ec2", "schema_version": 0, "attributes": { - "group": "EC2_ReadOnly_Access_Group", - "id": "EC2_ReadOnly_Access_Group-20230509124529978000000001", - "policy_arn": "arn:aws:iam::508259851457:policy/EC2_ReadOnly_Access" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_iam_group.read_only", - "aws_iam_policy.read_only" - ] - }, - { - "index_key": "EFS", - "schema_version": 0, - "attributes": { - "group": "EFS_ReadOnly_Access_Group", - "id": "EFS_ReadOnly_Access_Group-2023050912453052350000000b", - "policy_arn": "arn:aws:iam::508259851457:policy/EFS_ReadOnly_Access" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_iam_group.read_only", - "aws_iam_policy.read_only" - ] - }, - { - "index_key": "Lambda", - "schema_version": 0, - "attributes": { - "group": "Lambda_ReadOnly_Access_Group", - "id": "Lambda_ReadOnly_Access_Group-20230509124529989800000006", - "policy_arn": "arn:aws:iam::508259851457:policy/Lambda_ReadOnly_Access" + "group": "Ec2_ReadOnly_Access_Group", + "id": "Ec2_ReadOnly_Access_Group-20230808011213547500000002", + "policy_arn": "arn:aws:iam::508259851457:policy/Ec2_ReadOnly_Access" }, "sensitive_attributes": [], "private": "bnVsbA==", @@ -454,12 +351,12 @@ ] }, { - "index_key": "Route53", + "index_key": "S3", "schema_version": 0, "attributes": { - "group": "Route53_ReadOnly_Access_Group", - "id": "Route53_ReadOnly_Access_Group-20230509124529978100000002", - "policy_arn": "arn:aws:iam::508259851457:policy/Route53_ReadOnly_Access" + "group": "S3_ReadOnly_Access_Group", + "id": "S3_ReadOnly_Access_Group-20230808011213547400000001", + "policy_arn": "arn:aws:iam::508259851457:policy/S3_ReadOnly_Access" }, "sensitive_attributes": [], "private": "bnVsbA==", 
@@ -469,12 +366,12 @@ ] }, { - "index_key": "S3", + "index_key": "Sqs", "schema_version": 0, "attributes": { - "group": "S3_ReadOnly_Access_Group", - "id": "S3_ReadOnly_Access_Group-20230509124530027000000007", - "policy_arn": "arn:aws:iam::508259851457:policy/S3_ReadOnly_Access" + "group": "Sqs_ReadOnly_Access_Group", + "id": "Sqs_ReadOnly_Access_Group-20230808014232736500000002", + "policy_arn": "arn:aws:iam::508259851457:policy/Sqs_ReadOnly_Access" }, "sensitive_attributes": [], "private": "bnVsbA==", 
@@ -528,53 +425,17 @@ "private": "bnVsbA==" }, { - "index_key": "EC2", + "index_key": "Ec2", "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::508259851457:policy/EC2_Full_Access", + "arn": "arn:aws:iam::508259851457:policy/Ec2_Full_Access", "description": "", - "id": "arn:aws:iam::508259851457:policy/EC2_Full_Access", - "name": "EC2_Full_Access", + "id": "arn:aws:iam::508259851457:policy/Ec2_Full_Access", + "name": "Ec2_Full_Access", "name_prefix": "", "path": "/", "policy": "{\"Statement\":[{\"Action\":[\"ec2:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAU3A63OC6I", - "tags": {}, - "tags_all": {} - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "EFS", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:policy/EFS_Full_Access", - "description": "", - "id": "arn:aws:iam::508259851457:policy/EFS_Full_Access", - "name": "EFS_Full_Access", - "name_prefix": "", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"elasticfilesystem:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAW6RESROQ5", - "tags": {}, - "tags_all": {} - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "Lambda", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:policy/Lambda_Full_Access", - "description": "", - "id": "arn:aws:iam::508259851457:policy/Lambda_Full_Access", - "name": "Lambda_Full_Access", - "name_prefix": "", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"lambda:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAUFHETI3HL", + "policy_id": "ANPAXMVVF3TAVWW5CCHNN", "tags": {}, "tags_all": {} }, 
@@ -593,24 +454,6 @@ "path": "/", "policy": "{\"Statement\":[{\"Action\":[\"logs:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", "policy_id": "ANPAXMVVF3TA4HWZQ45FJ", - "tags": null, - "tags_all": {} - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "Route53", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:policy/Route53_Full_Access", - "description": "", - "id": "arn:aws:iam::508259851457:policy/Route53_Full_Access", - "name": "Route53_Full_Access", - "name_prefix": "", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"route53:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAQTWENY6ZH", "tags": {}, "tags_all": {} }, @@ -628,7 +471,25 @@ "name_prefix": "", "path": "/", "policy": "{\"Statement\":[{\"Action\":[\"s3:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TA5AKVY6OPF", + "policy_id": "ANPAXMVVF3TAQW7UNRK7I", + "tags": {}, + "tags_all": {} + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + }, + { + "index_key": "Sqs", + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:policy/Sqs_Full_Access", + "description": "", + "id": "arn:aws:iam::508259851457:policy/Sqs_Full_Access", + "name": "Sqs_Full_Access", + "name_prefix": "", + "path": "/", + "policy": "{\"Statement\":[{\"Action\":[\"sqs:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAXMVVF3TAUS3JANM5M", "tags": {}, "tags_all": {} }, 
@@ -680,53 +541,17 @@ "private": "bnVsbA==" }, { - "index_key": "EC2", + "index_key": "Ec2", "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::508259851457:policy/EC2_ReadOnly_Access", + "arn": "arn:aws:iam::508259851457:policy/Ec2_ReadOnly_Access", "description": "", - "id": "arn:aws:iam::508259851457:policy/EC2_ReadOnly_Access", - "name": "EC2_ReadOnly_Access", + "id": "arn:aws:iam::508259851457:policy/Ec2_ReadOnly_Access", + "name": "Ec2_ReadOnly_Access", "name_prefix": "", "path": "/", "policy": "{\"Statement\":[{\"Action\":[\"ec2:List*\",\"ec2:Get*\",\"ec2:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAUN6BACP2Y", - "tags": {}, - "tags_all": {} - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "EFS", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:policy/EFS_ReadOnly_Access", - "description": "", - "id": "arn:aws:iam::508259851457:policy/EFS_ReadOnly_Access", - "name": "EFS_ReadOnly_Access", - "name_prefix": "", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"elasticfilesystem:List*\",\"elasticfilesystem:Get*\",\"elasticfilesystem:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAVXRQVNLS5", - "tags": {}, - "tags_all": {} - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "Lambda", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:policy/Lambda_ReadOnly_Access", - "description": "", - "id": "arn:aws:iam::508259851457:policy/Lambda_ReadOnly_Access", - "name": "Lambda_ReadOnly_Access", - "name_prefix": "", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"lambda:List*\",\"lambda:Get*\",\"lambda:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TATA6PKAWKB", + "policy_id": "ANPAXMVVF3TA53OJDD2CI", "tags": {}, "tags_all": {} }, 
@@ -745,24 +570,6 @@ "path": "/", "policy": "{\"Statement\":[{\"Action\":[\"logs:List*\",\"logs:Get*\",\"logs:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", "policy_id": "ANPAXMVVF3TAUQHN5K463", - "tags": null, - "tags_all": {} - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - }, - { - "index_key": "Route53", - "schema_version": 0, - "attributes": { - "arn": "arn:aws:iam::508259851457:policy/Route53_ReadOnly_Access", - "description": "", - "id": "arn:aws:iam::508259851457:policy/Route53_ReadOnly_Access", - "name": "Route53_ReadOnly_Access", - "name_prefix": "", - "path": "/", - "policy": "{\"Statement\":[{\"Action\":[\"route53:List*\",\"route53:Get*\",\"route53:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TARCWD3MFPD", "tags": {}, "tags_all": {} }, @@ -780,7 +587,25 @@ "name_prefix": "", "path": "/", "policy": "{\"Statement\":[{\"Action\":[\"s3:List*\",\"s3:Get*\",\"s3:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "policy_id": "ANPAXMVVF3TAYU3FSMCE7", + "policy_id": "ANPAXMVVF3TAUHGGAQYRH", + "tags": {}, + "tags_all": {} + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + }, + { + "index_key": "Sqs", + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:policy/Sqs_ReadOnly_Access", + "description": "", + "id": "arn:aws:iam::508259851457:policy/Sqs_ReadOnly_Access", + "name": "Sqs_ReadOnly_Access", + "name_prefix": "", + "path": "/", + "policy": "{\"Statement\":[{\"Action\":[\"sqs:List*\",\"sqs:Get*\",\"sqs:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPAXMVVF3TA2ODI5SLWY", "tags": {}, "tags_all": {} }, 
@@ -792,21 +617,106 @@ { "mode": "managed", "type": "aws_iam_user", - "name": "cloudwatch", + "name": "app", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { + "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws:iam::508259851457:user/grafana-cloudwatch", + "arn": "arn:aws:iam::508259851457:user/system/grafana-cloudwatch", "force_destroy": false, "id": "grafana-cloudwatch", "name": "grafana-cloudwatch", - "path": "/", + "path": "/system/", "permissions_boundary": null, "tags": {}, "tags_all": {}, - "unique_id": "AIDAXMVVF3TA6JCPVKDMO" + "unique_id": "AIDAXMVVF3TA2SX6BGKZ4" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:user/system/argo-workflow", + "force_destroy": false, + "id": "argo-workflow", + "name": "argo-workflow", + "path": "/system/", + "permissions_boundary": null, + "tags": {}, + "tags_all": {}, + "unique_id": "AIDAXMVVF3TAY3JZ3EPXL" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_user", + "name": "dev2", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:user/system/user1", + "force_destroy": false, + "id": "user1", + "name": "user1", + "path": "/system/", + "permissions_boundary": null, + "tags": {}, + "tags_all": {}, + "unique_id": "AIDAXMVVF3TA55RL4GOYD" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:user/system/user2", + "force_destroy": false, + "id": "user2", + "name": "user2", + "path": "/system/", + "permissions_boundary": null, + "tags": {}, + "tags_all": {}, + "unique_id": "AIDAXMVVF3TAXFXW2JU3R" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, 
+ { + "mode": "managed", + "type": "aws_iam_user", + "name": "tmp", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::508259851457:user/system/bypark", + "force_destroy": false, + "id": "bypark", + "name": "bypark", + "path": "/system/", + "permissions_boundary": null, + "tags": {}, + "tags_all": {}, + "unique_id": "AIDAXMVVF3TAQDL7S4ZC7" }, "sensitive_attributes": [], "private": "bnVsbA==" @@ -816,10 +726,11 @@ { "mode": "managed", "type": "aws_iam_user_group_membership", - "name": "cloudwatch", + "name": "app_group_membership", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { + "index_key": 0, "schema_version": 0, "attributes": { "groups": [ 
@@ -827,13 +738,57 @@ "CloudWatch_ReadOnly_Access_Group", "Logs_ReadOnly_Access_Group" ], - "id": "terraform-20230517055242040800000001", + "id": "terraform-20230808014606188700000002", "user": "grafana-cloudwatch" }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ - "aws_iam_user.cloudwatch" + "aws_iam_user.app" + ] + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "groups": [ + "Ec2_ReadOnly_Access_Group", + "S3_Full_Access_Group" + ], + "id": "terraform-20230808014605996800000001", + "user": "argo-workflow" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_user.app" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_user_login_profile", + "name": "bypark_login", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "encrypted_password": null, + "id": "user1", + "key_fingerprint": null, + "password": "DYSHckbG'7d!4Ko{y}wf", + "password_length": 20, + "password_reset_required": null, + "pgp_key": null, + "user": "user1" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_user.dev2" ] } ] diff --git a/terraform/aws_iam/user.tf b/terraform/aws_iam/user.tf index 7db8183..2786ca1 100644 --- a/terraform/aws_iam/user.tf +++ b/terraform/aws_iam/user.tf 
@@ -1,13 +1,40 @@ -resource "aws_iam_user" "cloudwatch" { - name = "grafana-cloudwatch" +resource "aws_iam_user" "dev2" { + count = length(var.users) + name = var.users[count.index] + path = "/system/" } -resource "aws_iam_user_group_membership" "cloudwatch" { - user = aws_iam_user.cloudwatch.name - - groups = [ - "CloudWatch_ReadOnly_Access_Group", - "Logs_ReadOnly_Access_Group", - "CloudTrail_ReadOnly_Access_Group" - ] +resource "aws_iam_user" "app" { + count = length(var.apps_users) + name = var.apps_users[count.index].name + path = "/system/" +} + +resource "aws_iam_user" "tmp" { + count = length(var.tmp_users) + name = var.tmp_users[count.index].name + path = "/system/" +} + +resource "aws_iam_user_group_membership" "app_group_membership" { + count = length(var.apps_users) + user = aws_iam_user.app[count.index].name + groups = var.apps_users[count.index].groups +} + +resource "aws_iam_user_group_membership" "tmp_group_membership" { + count = length(var.tmp_users) + user = aws_iam_user.tmp[count.index].name + groups = var.tmp_users[count.index].groups +} + +resource "aws_iam_user_login_profile" "bypark_login" { + count = length([for user in var.tmp_users : user if user.is_console_user]) + user = aws_iam_user.dev2[count.index].name + password_length = 20 +} + +output "bypark_password" { + value = [for profile in aws_iam_user_login_profile.bypark_login : profile.encrypted_password if profile.user == "bypark"] + sensitive = true } diff --git a/terraform/aws_iam/variables.tf b/terraform/aws_iam/variables.tf index a6a7336..fe6b692 100644 --- a/terraform/aws_iam/variables.tf +++ b/terraform/aws_iam/variables.tf 
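Review bot: `aws_iam_user_login_profile.bypark_login` attaches to the wrong account: its `count` comes from the console users in `var.tmp_users`, but `user` indexes `aws_iam_user.dev2`, so the console password is created for `user1` instead of `bypark`. The terraform.tfstate hunk in this commit confirms it, recording `"user": "user1"` and the `bypark_password` output as `[]`. The resource also sets no `pgp_key`, so `encrypted_password` stays null and the generated password is written in clear to the state file, which this commit checks in with the `password` field populated. That credential should be treated as exposed and rotated, and the state kept out of the repository (for instance in a remote backend with encryption and access control). The sketch below selects the user from `aws_iam_user.tmp` by its position in `var.tmp_users` and adds `pgp_key`; the variable it references is a placeholder, and switching from `count` to `for_each` changes the resource addresses.

```hcl
resource "aws_iam_user_login_profile" "bypark_login" {
  # Keyed by position in var.tmp_users so each profile lands on the matching aws_iam_user.tmp entry.
  for_each        = { for i, u in var.tmp_users : tostring(i) => u if u.is_console_user }
  user            = aws_iam_user.tmp[tonumber(each.key)].name
  password_length = 20
  # With pgp_key set, only encrypted_password is expected to be kept; var.login_pgp_key is a placeholder name.
  pgp_key         = var.login_pgp_key
}
# … unchanged: output "bypark_password" …
```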
@@ -33,3 +33,45 @@ variable "Public_Subnet_ID_3" { default = "subnet-0073a61bc56a68a3e" } +variable "users" { + description = "Dev2 users" + type = list(string) + default = ["user1","user2"] +} + +variable "apps_users" { + description = "Apps users and their groups" + type = list(object({ + name = string + groups = list(string) + })) + + default = [ + { + name = "grafana-cloudwatch" + groups = ["CloudWatch_ReadOnly_Access_Group", "Logs_ReadOnly_Access_Group", "CloudTrail_ReadOnly_Access_Group"] + }, + { + name = "argo-workflow" + groups = ["Ec2_ReadOnly_Access_Group", "S3_Full_Access_Group"] + } + ] +} + +variable "tmp_users" { + description = "temp users and their groups" + type = list(object({ + name = string + is_console_user = bool + groups = list(string) + })) + + default = [ + { + name = "bypark", + is_console_user = true, + groups = ["S3_Full_Access_Group", "Sqs_Full_Access_Group"] + } + ] +} +
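Review bot: The `tmp_users` default places a console-enabled temporary user in `S3_Full_Access_Group` and `Sqs_Full_Access_Group`, and the policies recorded for those groups in this commit's state file are `s3:*` and `sqs:*` on `Resource: "*"`. Nothing in the variable says who owns the account or when it should be removed, so I would extend the description, e.g. `description = "Temporary users and their groups; each entry needs an owner and a removal date"`, and use the ReadOnly groups wherever write access is not actually needed. The group names in `apps_users` and `tmp_users` are also plain strings, so Terraform sees no dependency on `aws_iam_group.full_access` or `aws_iam_group.read_only`; the membership entries in the state list only `aws_iam_user.app`. A misspelled or not-yet-created group would presumably surface only at apply time.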