Merge pull request #2 from rohit1101/iam-group

add create multiple IAM users
rohit1101 · Feb 10, 2025 · 6eb9a35 · 6eb9a35
2 parents 72b1367 + 822fda1
commit 6eb9a35
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 12 deletions.
diff --git a/main.tf b/main.tf
@@ -1,10 +1,14 @@
 resource "aws_iam_user" "test" {
-  name = var.aws_iam_username
-  tags = var.aws_iam_username_tags
+  for_each = var.aws_iam_username
+  name     = each.key
+  tags = {
+    name = "tf-created-${each.value}"
+  }
 }
 
 resource "aws_iam_user_login_profile" "test_user_login_profile" {
-  user                    = aws_iam_user.test.name
+  for_each                = var.aws_iam_username
+  user                    = aws_iam_user.test[each.key].name
   password_length         = var.aws_iam_user_login_profile_password_len
   password_reset_required = false
   # pgp_key = "keybase:your_key" can be used if the password requires encoding 
@@ -16,10 +20,31 @@ data "aws_iam_policy" "iamadmin_policy" {
 }
 
 resource "aws_iam_user_policy_attachment" "test_attachment" {
+  for_each   = var.aws_iam_username
   policy_arn = data.aws_iam_policy.iamadmin_policy.arn
-  user       = aws_iam_user.test.name
+  user       = aws_iam_user.test[each.key].name
 }
 
 # resource "aws_iam_account_alias" "test_account_alias" {
 #   account_alias = "non-linear-trap"
 # }
+
+
+resource "aws_iam_group" "test_group" {
+  name = var.aws_iam_group_name
+}
+
+data "aws_iam_policy" "iamadmin_group_policy" {
+  arn = var.aws_iam_group_policy_arn
+}
+
+resource "aws_iam_group_policy_attachment" "test-group-attach" {
+  group      = aws_iam_group.test_group.name
+  policy_arn = data.aws_iam_policy.iamadmin_group_policy.arn
+}
+
+resource "aws_iam_user_group_membership" "test_user_group_attach" {
+  for_each = var.aws_iam_username
+  user     = aws_iam_user.test[each.key].name
+  groups   = [aws_iam_group.test_group.name]
+}
diff --git a/outputs.tf b/outputs.tf
@@ -1,5 +1,5 @@
 
 output "iamadmin_userpassword" {
-  value     = aws_iam_user_login_profile.test_user_login_profile.password
+  value     = [for out in values(aws_iam_user_login_profile.test_user_login_profile) : "${out.id}'s password is (${out.password})"]
   sensitive = true
 }
diff --git a/variables.tf b/variables.tf
@@ -1,6 +1,12 @@
 variable "aws_iam_username" {
-  type        = string
-  default     = "iamadmin-tf"
+  type = map(string)
+  # default     = ["iamadmin-tf1", "iamadmin-tf2", "iamadmin-tf3", "iamadmin-tf4"]
+  default = {
+    "iamadmin-tf1" = "user1"
+    "iamadmin-tf2" = "user2"
+    "iamadmin-tf3" = "user3"
+    "iamadmin-tf4" = "user4"
+  }
   description = "Name of the iam user"
 }
 
@@ -22,10 +28,25 @@ variable "aws_iam_user_login_profile_password_len" {
 variable "aws_iam_policy_arn" {
   type        = string
   default     = "arn:aws:iam::aws:policy/AdministratorAccess"
-  description = "AWS Managed IAM Admin Access Policy ARN"
+  description = "AWS Managed EC2 Full Access Policy ARN"
+}
+
+variable "aws_iam_group_name" {
+  type    = string
+  default = "test-group"
+}
+
+
+variable "aws_iam_group_tag" {
+  type = map(string)
+  default = {
+    "name" = "tf-created"
+  }
 }
 
-# variable "aws_secret_key" {
-#   type = string
-#   # sensitive = true
-# }
+variable "aws_iam_group_policy_arn" {
+  type = string
+  # default     = "arn:aws:iam::aws:policy/AdministratorAccess"
+  default     = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
+  description = "AWS Managed IAM Admin Access Policy ARN"
+}