iam-user
cloudposse/iam-user/aws
Terraform Module to provision a basic IAM user suitable for humans.
terraform-aws-iam-user    [![README Header][readme_header_img]][readme_header_link] [![Cloud Posse][logo]](https://cpco.io/homepage) Terraform Module to provision a basic IAM user suitable for humans. It will establish a login profile and associate the user with IAM groups. We do not recommend creating IAM users for any other purpose. For external systems (e.g. CI/CD) check out our terraform-aws-iam-system-user module. --- This project is part of our comprehensive "SweetOps" approach towards DevOps. [ ][share_email] [ ][share_googleplus] [ ][share_facebook] [ ][share_reddit] [ ][share_l
| Name | Type | Description | Default |
|---|---|---|---|
| pgp_key | string | Provide a base-64 encoded PGP public key, or a keybase username in the form `key | |
| user_name | string | Desired name for the IAM user. We recommend using email addresses. | |
| environment | string | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'st | null |
| delimiter | string | Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` | null |
| label_key_case | string | Controls the letter case of the `tags` keys (label names) for tags generated by | null |
| tenant | string | ID element _(Rarely used, not included by default)_. A customer identifier, indi | null |
| name | string | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi | null |
| tags | map(string) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the t | {} |
| label_order | list(string) | The order in which the labels (ID elements) appear in the `id`. Defaults to ["na | null |
| label_value_case | string | Controls the letter case of ID elements (labels) as included in `id`, set as tag | null |
| force_destroy | bool | When destroying this user, destroy even if it has non-Terraform-managed IAM acce | false |
| password_reset_required | bool | Whether the user should be forced to reset the generated password on first login | true |
| password_length | number | The length of the generated password | 24 |
| context | any | Single object for setting entire context at once. See description of individual | {
"additional_tag_map": {},
"attribu |
| enabled | bool | Set to false to prevent the module from creating any resources | null |
| permissions_boundary | string | The ARN of the policy that is used to set the permissions boundary for the user | "" |
| attributes | list(string) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, | [] |
| path | string | Desired path for the IAM user | "/" |
| additional_tag_map | map(string) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not add | {} |
| id_length_limit | number | Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. | null |
| groups | list(string) | List of IAM user groups this user should belong to in the account | [] |
| stage | string | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'bu | null |
user_login_profile_encrypted_password — The encrypted password, base64 encodedpgp_key — PGP key used to encrypt sensitive data for this userkeybase_password_decrypt_command — Command to decrypt the Keybase encrypted password. Returns empty string if pgp_key is not from keybakeybase_password_pgp_message — PGP encrypted message (e.g. suitable for email exchanges). Returns empty string if pgp_key is not fruser_name — IAM user nameuser_arn — The ARN assigned by AWS for this useruser_unique_id — The unique ID assigned by AWSuser_login_profile_key_fingerprint — The fingerprint of the PGP key used to encrypt the passwordAzure landing zones Terraform module
Terraform supermodule for the Terraform platform engineering for Azure
Terraform module to deploy landing zone subscriptions (and much more) in Azure
Terraform Module to define a consistent naming convention by (namespace, stage,