Terraform — Implementing Automated IAM User Permission Assignment
Using Terraform to automate routine IAM tasks offers several advantages: it shortens the turnaround on user access requests, reduces hand-made configuration errors, and keeps every permission change under version control where it can be reviewed and audited.
Step 1 — Create a child directory for the subproject. The -chdir option is helpful when you want to keep this subproject's Terraform configuration separate from the rest of your code.
Execute the following command to initialize a working directory containing Terraform configuration files:
terraform -chdir=AWS-RBAC-UserPermissionAssignment init
After running this command, Terraform prints a message confirming that the working directory was initialized successfully.
Step 2 — Create an HCL file that defines the policy and associates it with a user.
# Create a test user
resource "aws_iam_user" "terraform-user-1" {
  name = "terraform-ec2-user-1"
  path = "/"
  tags = {
    tag-key = "terraform-ec2-user-1"
  }
}

# Create a policy
resource "aws_iam_policy" "custom-ec2-create" {
  name        = "custom-ec2-create"
  path        = "/"
  description = "Assign to user who need manage ec2"
  # Terraform's "jsonencode" function converts a
  # Terraform expression result to valid JSON syntax.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = […
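The following is an added example, not the article's own configuration, showing the full pattern end to end: a user, a customer-managed policy whose statements are scoped to the minimum EC2 actions the user needs, and the attachment that links the two. Resource names, the tag value and the action list are assumptions chosen for illustration.

```hcl
# Added example (not from the article). Names and tag values are assumed.

resource "aws_iam_user" "ec2_operator" {
  name = "terraform-ec2-user-1"
  path = "/"
  tags = {
    Owner     = "platform-team"
    ManagedBy = "terraform"
  }
}

resource "aws_iam_policy" "ec2_start_stop" {
  name        = "custom-ec2-start-stop"
  path        = "/"
  description = "Start and stop EC2 instances owned by platform-team; no launch or terminate"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Describe* calls do not support resource-level restrictions,
        # so "*" is the narrowest Resource that works here.
        Sid      = "DescribeIsReadOnly"
        Effect   = "Allow"
        Action   = ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus"]
        Resource = "*"
      },
      {
        # Mutating actions are limited to instances carrying the Owner tag,
        # so the user cannot touch instances belonging to other teams.
        Sid      = "StartStopOwnedInstancesOnly"
        Effect   = "Allow"
        Action   = ["ec2:StartInstances", "ec2:StopInstances"]
        Resource = "arn:aws:ec2:*:*:instance/*"
        Condition = {
          StringEquals = {
            "ec2:ResourceTag/Owner" = "platform-team"
          }
        }
      }
    ]
  })
}

# Attach the policy to the user; this is the step that actually grants access.
resource "aws_iam_user_policy_attachment" "ec2_operator_attach" {
  user       = aws_iam_user.ec2_operator.name
  policy_arn = aws_iam_policy.ec2_start_stop.arn
}
```

Run terraform -chdir=AWS-RBAC-UserPermissionAssignment validate and then plan before apply; the plan output renders the full policy document, so a reviewer can confirm it contains no wildcard Action entries before the change is merged.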