forked from cloudposse/terraform-aws-iam-s3-user
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README.yaml
90 lines (80 loc) · 4.23 KB
/
README.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
#
# This is the canonical configuration for the `README.md`
# Run `make readme` to rebuild the `README.md`
#
# Name of this project
name: terraform-aws-iam-s3-user
# Logo for this project
#logo: docs/logo.png
# License of this project
license: "APACHE2"
# Canonical GitHub repo
github_repo: cloudposse/terraform-aws-iam-s3-user
# Badges to display
badges:
- name: "Latest Release"
image: "https://img.shields.io/github/release/cloudposse/terraform-aws-iam-s3-user.svg"
url: "https://github.com/cloudposse/terraform-aws-iam-s3-user/releases/latest"
- name: "Slack Community"
image: "https://slack.cloudposse.com/badge.svg"
url: "https://slack.cloudposse.com"
related:
- name: "terraform-aws-iam-system-user"
description: "Terraform Module to Provision a Basic IAM System User Suitable for CI/CD Systems (E.g. TravisCI, CircleCI)"
url: "https://github.com/cloudposse/terraform-aws-iam-system-user"
- name: "terraform-aws-iam-assumed-roles"
description: "Terraform Module for Assumed Roles on AWS with IAM Groups Requiring MFA"
url: "https://github.com/cloudposse/terraform-aws-iam-assumed-roles"
- name: "terraform-aws-ssm-iam-role"
description: "Terraform module to provision an IAM role with configurable permissions to access SSM Parameter Store"
url: "https://github.com/cloudposse/terraform-aws-ssm-iam-role"
- name: "terraform-aws-iam-chamber-user"
description: "Terraform module to provision a basic IAM chamber user with access to SSM parameters and KMS key to decrypt secrets, suitable for CI/CD systems (e.g. TravisCI, CircleCI, CodeFresh) or systems which are external to AWS that cannot leverage AWS IAM Instance Profiles"
url: "https://github.com/cloudposse/terraform-aws-iam-chamber-user"
- name: "terraform-aws-lb-s3-bucket"
description: "Terraform module to provision an S3 bucket with built in IAM policy to allow AWS Load Balancers to ship access logs"
url: "https://github.com/cloudposse/terraform-aws-lb-s3-bucket"
# Short description of this project
description: |-
Terraform module to provision a basic IAM user with permissions to access S3 resources,
e.g. to give the user read/write/delete access to the objects in an S3 bucket.
Suitable for CI/CD systems (_e.g._ TravisCI, CircleCI) or systems which are *external* to AWS
that cannot leverage [AWS IAM Instance Profiles](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html)
or [AWS OIDC](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html).
By default, IAM users, groups, and roles have no access to AWS resources.
IAM policies are the means by which privileges are granted to users, groups, or roles.
It is recommended that IAM policies be applied directly to groups and roles but not users.
**This module intentionally attaches an IAM policy directly to the user and does not use groups**
The IAM user name is constructed using [terraform-null-label](https://github.com/cloudposse/terraform-null-label)
and some input is required. The simplest input is `name`. By default the name will be converted to lower case
and all non-alphanumeric characters except for hyphen will be removed. See the documentation for `terraform-null-label`
to learn how to override these defaults if desired.
If an AWS Access Key is created, it is stored either in SSM Parameter Store or is provided as a module output,
but not both. Using SSM Parameter Store is recommended because module outputs are stored in plaintext in
the Terraform state file.
# How to use this project
usage: |-
This example will create an IAM user and allow read access to all objects in the S3 bucket `examplebucket`
```hcl
module "s3_user" {
source = "cloudposse/iam-s3-user/aws"
# Cloud Posse recommends pinning every module to a specific version
# version = "x.x.x"
namespace = "eg"
stage = "test"
name = "app"
s3_actions = ["s3:GetObject"]
s3_resources = "arn:aws:s3:::examplebucket/*"
}
```
include:
- "docs/targets.md"
- "docs/terraform.md"
# Contributors to this project
contributors:
- name: "Andriy Knysh"
github: "aknysh"
- name: "Erik Osterman"
github: "osterman"
- name: "Igor Rodionov"
github: "goruha"