update

terraform/aws_iam/user.tf

@@ -1,13 +1,40 @@
-resource "aws_iam_user" "cloudwatch" {
-  name = "grafana-cloudwatch"
+resource "aws_iam_user" "dev2" {
+  count = length(var.users)
+  name  = var.users[count.index]
+  path  = "/system/"
 }
 
-resource "aws_iam_user_group_membership" "cloudwatch" {
-  user = aws_iam_user.cloudwatch.name
-
-  groups = [
-    "CloudWatch_ReadOnly_Access_Group",
-    "Logs_ReadOnly_Access_Group",
-	"CloudTrail_ReadOnly_Access_Group"
-  ]
+resource "aws_iam_user" "app" {
+  count = length(var.apps_users)
+  name  = var.apps_users[count.index].name
+  path  = "/system/"
+}
+
+resource "aws_iam_user" "tmp" {
+  count = length(var.tmp_users)
+  name  = var.tmp_users[count.index].name
+  path  = "/system/"
+}
+
+resource "aws_iam_user_group_membership" "app_group_membership" {
+  count  = length(var.apps_users)
+  user   = aws_iam_user.app[count.index].name
+  groups = var.apps_users[count.index].groups
+}
+
+resource "aws_iam_user_group_membership" "tmp_group_membership" {
+  count  = length(var.tmp_users)
+  user   = aws_iam_user.tmp[count.index].name
+  groups = var.tmp_users[count.index].groups
+}
+
+resource "aws_iam_user_login_profile" "bypark_login" {
+  count	= length([for user in var.tmp_users : user if user.is_console_user])
+  user	= aws_iam_user.dev2[count.index].name
+  password_length = 20
+}
+
+output "bypark_password" {
+  value     = [for profile in aws_iam_user_login_profile.bypark_login : profile.encrypted_password if profile.user == "bypark"]
+  sensitive = true
 }