Terraform module to create an IAM user. It is suitable for, e.g., CI/CD systems or other systems external to AWS that cannot leverage AWS IAM Roles, AWS IAM Instance Profiles or AWS OIDC.
Creating IAM users this way for any other purpose is NOT recommended.
It is recommended that IAM policies be applied directly to groups and roles but not users. This module by default attaches the IAM policy to an IAM group with the same name instead of directly to the user.
If an AWS Access Key is created, it is stored in the SSM Parameter Store and is provided as a module output.
IMPORTANT: We do not pin modules to versions in our examples. We highly recommend that in your code you pin the version to the exact version you are using so that your infrastructure remains stable.
Name | Version |
---|---|
terraform | >= 1.1.0 |
aws | >= 3.13.0 |
Name | Version |
---|---|
aws | >= 3.13.0 |
No modules.
Name | Type |
---|---|
aws_iam_access_key.default | resource |
aws_iam_group.default | resource |
aws_iam_group_policy.default | resource |
aws_iam_group_policy_attachment.default | resource |
aws_iam_user.default | resource |
aws_iam_user_group_membership.default | resource |
aws_ssm_parameter.access_key_id | resource |
aws_ssm_parameter.secret_access_key | resource |
aws_ssm_parameter.ses_smtp_password_v4 | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
name | The name of the user. | string | n/a | yes |
create_iam_access_key | Overrule whether the user IAM access keys have to be created | bool | true | no |
create_policy | Overrule whether the user role policy has to be created. | bool | null | no |
force_destroy | Destroy the user even if it has non-terraform-managed IAM access keys, login profile or MFA devices | bool | false | no |
groups | Set of group names to attach to the user. | set(string) | [] | no |
kms_key_id | The KMS key ID used to encrypt the SSM parameters. | string | null | no |
path | Path in which to create the user. | string | "/" | no |
permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the user. | string | null | no |
policy | The policy to attach to the user. | string | null | no |
policy_arns | A set of policy ARNs to attach to the user. | set(string) | [] | no |
postfix | Postfix the user, policy and group names with Account, Policy and Group. | bool | true | no |
ssm_ses_smtp_password_v4 | Store the user's SES SMTP password in the SSM Parameter Store. | bool | false | no |
tags | A mapping of tags to assign to the user. | map(string) | null | no |
Name | Description |
---|---|
access_key_id | The access key ID |
arn | The user ARN |
name | The user name |
secret_access_key | The secret access key |
ses_smtp_password_v4 | The SES SMTP password |
ssm_access_key_id | The SSM access key ID parameter name |
ssm_secret_access_key | The SSM secret access key parameter name |
ssm_ses_smtp_password_v4 | The SSM SES SMTP password parameter name |
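A call to this module using the inputs and outputs listed above, written as an added example that is not taken from the module's own documentation. The module source, the version, the bucket name and the `permissions_boundary_arn` variable are placeholders or assumptions.

```hcl
# Added example. Placeholders and constructed names are marked in comments.

variable "permissions_boundary_arn" {
  type        = string
  description = "ARN of an existing permissions boundary policy (assumed to exist)."
}

# Least-privilege policy for a CI system that only uploads build artifacts.
data "aws_iam_policy_document" "ci_deploy" {
  statement {
    sid       = "PutArtifacts"
    actions   = ["s3:PutObject"]
    resources = ["arn:aws:s3:::example-artifacts-bucket/*"] # constructed bucket name
  }
}

# Customer-managed key for the SSM parameters that hold the access key.
resource "aws_kms_key" "ci_params" {
  description         = "Encrypts the CI user's SSM parameters"
  enable_key_rotation = true
}

module "ci_user" {
  # Placeholders: replace with the real module source and pin the exact
  # version in use. For a git source, pin with ?ref=<tag> and drop "version".
  source  = "REPLACE_WITH_MODULE_SOURCE"
  version = "REPLACE_WITH_EXACT_VERSION"

  name   = "ci-deploy"
  policy = data.aws_iam_policy_document.ci_deploy.json

  kms_key_id           = aws_kms_key.ci_params.key_id
  permissions_boundary = var.permissions_boundary_arn
  force_destroy        = false

  tags = {
    Purpose = "ci-cd"
  }
}

# Expose the SSM parameter names, not the secret itself. The CI system reads
# the values from the Parameter Store with its own, separately granted access.
# The secret_access_key output also exists and is recorded in Terraform state,
# so the state backend needs the same protection as the secret.
output "ci_access_key_id_parameter" {
  value = module.ci_user.ssm_access_key_id
}

output "ci_secret_access_key_parameter" {
  value = module.ci_user.ssm_secret_access_key
}
```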
100% Open Source and licensed under the Apache License Version 2.0. See LICENSE for full details.