resource "aws_iam_user" "dev2" {
  name = "dev2-read"
}

resource "aws_iam_access_key" "dev2_access_key" {
  user = aws_iam_user.dev2.name
}

resource "aws_iam_user_login_profile" "dev2_login_profile" {
  user                     = aws_iam_user.dev2.name
  password_reset_required = true 
}

data "aws_iam_policy" "read-only" {
  arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

resource "aws_iam_policy_attachment" "attach-read-only-policy" {
  name       = "ReadOnlyAccessAttachment"
  policy_arn = data.aws_iam_policy.read-only.arn
  users      = [aws_iam_user.dev2.name] 
}