Add IAM user login profile #51

Merged
merged 4 commits into from
Dec 20, 2024
Changes from 3 commits
5 changes: 4 additions & 1 deletion README.md
Expand Up @@ -58,6 +58,7 @@ No modules.
| Name | Type |
|------|------|
| [aws_iam_user.users](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
| [aws_iam_user_login_profile.users](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_login_profile) | resource |
| [aws_iam_user_policy_attachment.self_managed_creds_with_mfa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource |
| [aws_iam_user_policy_attachment.self_managed_creds_without_mfa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
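Review bot: the new row is in the right place alphabetically, but this table sits inside the terraform-docs managed block (it is closed by the `<!-- END_TF_DOCS -->` marker further down in this file), so please confirm the row came from regenerating the docs rather than a hand edit; otherwise the next regeneration will rewrite it and the README can drift from `users.tf`.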
Expand All @@ -73,7 +74,9 @@ No modules.

## Outputs ##

No outputs.
| Name | Description |
|------|-------------|
| initial\_passwords | The initial password for each user, which must be changed at first login. |
<!-- END_TF_DOCS -->

## Notes ##
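Review bot: the output description documents the reset-at-first-login behaviour but not where the password lives. Since the value comes from `aws_iam_user_login_profile.users[*].password`, the initial password for every user is written to the Terraform state and shown in output; the README entry (or the Notes section below) should say so and point readers at protecting the state backend, so operators are not surprised to find plaintext console passwords in `terraform output` and in state.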
4 changes: 4 additions & 0 deletions outputs.tf
@@ -0,0 +1,4 @@
output "initial_passwords" {
description = "The initial password for each user, which must be changed at first login."
value = { for k, v in aws_iam_user_login_profile.users : k => v.password }
}
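Review bot: this output needs `sensitive = true`. The AWS provider marks the `password` attribute of `aws_iam_user_login_profile` as sensitive, and the for-expression on the `value` line carries that sensitivity into the map, so Terraform 0.15 and later will refuse to apply an output that references it without the flag; marking it also keeps the initial passwords out of plan and apply console output. Suggested shape:

    output "initial_passwords" {
      description = "..."
      sensitive   = true
      value       = { for k, v in aws_iam_user_login_profile.users : k => v.password }
    }

Note that `sensitive` only affects display: the values are still stored in plaintext in the state file, so the state backend must be protected accordingly.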
21 changes: 21 additions & 0 deletions users.tf
Expand Up @@ -7,6 +7,27 @@ resource "aws_iam_user" "users" {
name = each.key
}

# The login profile for each user; note that the user's initial console
# password is set here, and the user is required to change it at first login.
resource "aws_iam_user_login_profile" "users" {
provider = aws.users

for_each = toset(keys(var.users))

password_reset_required = true
user = aws_iam_user.users[each.key].name

lifecycle {
# Required so that Terraform doesn't reset the password if the user login
# profile was created outside of Terraform (password_length) or after the
# user has changed their initial password (password_reset_required).
ignore_changes = [
password_length,
password_reset_required
]
}
}

# Attach the self-administration (with MFA required) policy to each user
# where self_managed is true and require_mfa is true
resource "aws_iam_user_policy_attachment" "self_managed_creds_with_mfa" {
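Review bot: without a `pgp_key` argument, the generated console password is stored in plaintext in the Terraform state (and surfaced through the `password` attribute used by `outputs.tf`). The resource supports `pgp_key`, in which case the provider exposes `encrypted_password` and `key_fingerprint` instead, so only the holder of the corresponding private key can recover the initial password; consider either using that or calling out the plaintext-in-state trade-off in the comment above the resource. The `ignore_changes` block itself is fine: once a user has rotated their password, `password_reset_required` reads back as false and re-applying it would lock them out of the account, so ignoring it is the correct choice.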