iam-s3-user
cloudposse/iam-s3-user/aws
Terraform module to provision a basic IAM user with permissions to access S3 resources, e.g. to give the user read/write/delete access to the objects in an S3 bucket
terraform-aws-iam-s3-user

Terraform module to provision a basic IAM user with permissions to access S3 resources, e.g. to give the user read/write/delete access to the objects in an S3 bucket. Suitable for CI/CD systems (_e.g._ TravisCI, CircleCI) or systems which are external to AWS that cannot leverage AWS IAM Instance Profiles or AWS OIDC.

By default, IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. This module intentionally attaches an IAM policy directly to the user and does not use groups.

The IAM user name is constructed using terraform-null-label and some input is required. The simplest input is
| Name | Type | Description | Default |
|---|---|---|---|
| s3_resources | list(string) | S3 resources to apply the actions specified in the policy | required |
| name | string | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi | null |
| force_destroy | bool | Destroy even if it has non-Terraform-managed IAM access keys, login profiles or | false |
| path | string | Path in which to create the user | "/" |
| context | any | Single object for setting entire context at once. See description of individual | { "additional_tag_map": {}, "attribu |
| namespace | string | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp' | null |
| stage | string | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'bu | null |
| regex_replace_chars | string | Terraform regular expression (regex) string. Characters matching the regex will | null |
| label_value_case | string | Controls the letter case of ID elements (labels) as included in `id`, set as tag | null |
| ssm_base_path | string | The base path for SSM parameters where secrets are stored | "/s3_user/" |
| additional_tag_map | map(string) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not add | {} |
| label_key_case | string | Controls the letter case of the `tags` keys (label names) for tags generated by | null |
| id_length_limit | number | Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. | null |
| create_iam_access_key | bool | Set `true` to create an IAM Access Key for the user. To rotate the key, set `fal | true |
| environment | string | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'st | null |
| tags | map(string) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the t | {} |
| ssm_enabled | bool | Set `true` to store secrets in SSM Parameter Store, `false` to store secrets in | false |
| delimiter | string | Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` | null |
| label_order | list(string) | The order in which the labels (ID elements) appear in the `id`. Defaults to ["na | null |
| s3_actions | list(string) | Actions to allow in the policy | ["s3:GetObject"] |
| permissions_boundary | string | Permissions Boundary ARN to attach to our created user | null |

secret_access_key — Secret Access Key. This will be written to the state file in plain-text
access_key_id_ssm_path — The SSM Path under which the S3 User's access key ID is stored
secret_access_key_ssm_path — The SSM Path under which the S3 User's secret access key is stored
user_name — Normalized IAM user name
user_arn — The ARN assigned by AWS for the user
user_unique_id — The user unique ID assigned by AWS
access_key_id — Access Key ID
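
An example invocation that scopes the user to one bucket prefix and keeps the key pair out of the root module's outputs. It is added here and is not taken from the module's own documentation; the `source` address and input and output names are the ones listed on this page, while the label values, bucket ARN and permissions boundary ARN are constructed placeholders.

```hcl
# Added example, not the module's own code. All values are constructed placeholders.
module "ci_artifacts_user" {
  source = "cloudposse/iam-s3-user/aws"
  # Pin a release you have reviewed; this page does not state a version.
  # version = "<PINNED_VERSION>"

  # ID elements consumed by terraform-null-label to build the user name.
  namespace = "eg"
  stage     = "prod"
  name      = "ci-artifacts"

  # Object-level actions only, matching the read/write/delete use case.
  s3_actions = [
    "s3:GetObject",
    "s3:PutObject",
    "s3:DeleteObject",
  ]

  # Limit the policy to objects under one prefix rather than the whole bucket or "*".
  s3_resources = [
    "arn:aws:s3:::example-ci-artifacts/builds/*",
  ]

  # Upper bound on what this user can be granted if the policy is widened later.
  permissions_boundary = "arn:aws:iam::111111111111:policy/example-ci-boundary"

  # Store the key pair in SSM Parameter Store under ssm_base_path.
  ssm_enabled   = true
  ssm_base_path = "/s3_user/"
}

# Expose only non-secret references; consumers read the key values from SSM.
output "ci_user_arn" { value = module.ci_artifacts_user.user_arn }
output "ci_access_key_id_ssm_path" { value = module.ci_artifacts_user.access_key_id_ssm_path }
output "ci_secret_access_key_ssm_path" { value = module.ci_artifacts_user.secret_access_key_ssm_path }
```

Terraform still creates the access key, so the state backend needs to be access-controlled and encrypted regardless of `ssm_enabled`.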