Terraform — Implementing Automated IAM User Permission Assignment

Tony Fu - OSCP, AWS SAP
5 min read · Oct 3, 2023

Using Terraform to automate routine IAM tasks has several advantages: user requests are fulfilled faster, hand-made configuration errors are reduced, and every permission change is tracked in version control, so you can see who was granted what, and when.

Step 1 — Create a child directory for the subproject. The -chdir option is useful when you want to keep a subproject separate: Terraform switches into that directory before running the command, so each subproject keeps its own configuration files and state.

Execute the following command to initialize a working directory containing Terraform configuration files:

terraform -chdir=AWS-RBAC-UserPermissionAssignment init

After running this command, Terraform prints "Terraform has been successfully initialized!" and the directory is ready for plan and apply.

Step 2 — Create an HCL file in that directory that defines the policy and associates it with a user.

# Create a test user
resource "aws_iam_user" "terraform-user-1" {
  name = "terraform-ec2-user-1"
  path = "/"

  tags = {
    tag-key = "terraform-ec2-user-1"
  }
}

# Create a policy
resource "aws_iam_policy" "custom-ec2-create" {
  name        = "custom-ec2-create"
  path        = "/"
  description = "Assigned to users who need to manage EC2"

  # Terraform's "jsonencode" function converts a
  # Terraform expression result to valid JSON syntax.
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = […
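The following is an added, complete configuration for Steps 1 and 2 together; it is not the article's own code. It assumes the AWS provider is already configured (credentials from your environment or profile), a default region of us-east-1, and that the "EC2 user" only needs to describe instances, launch them in one region, and start/stop/terminate instances in this account. The actions, the Sid names, the tag keys and the output names are my choices, not the author's. It adds the piece the article's snippet stops short of: the `aws_iam_user_policy_attachment` that actually binds the policy to the user.

```hcl
# Added example (not from the original article). Assumes an already-configured
# AWS provider and a single-region EC2 operator; actions and names are assumptions.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
}

variable "region" {
  type    = string
  default = "us-east-1" # assumption: the only region this user may operate in
}

provider "aws" {
  region = var.region
}

# Account ID is needed to build resource ARNs without hard-coding it.
data "aws_caller_identity" "current" {}

resource "aws_iam_user" "terraform-user-1" {
  name = "terraform-ec2-user-1"
  path = "/"

  tags = {
    Name      = "terraform-ec2-user-1"
    ManagedBy = "terraform"
  }
}

resource "aws_iam_policy" "custom-ec2-create" {
  name        = "custom-ec2-create"
  path        = "/"
  description = "Assigned to users who need to manage EC2 instances in one region"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # ec2:Describe* actions do not support resource-level permissions,
        # so "*" is the only valid resource here; it is read-only.
        Sid      = "DescribeIsReadOnly"
        Effect   = "Allow"
        Action   = ["ec2:Describe*"]
        Resource = "*"
      },
      {
        # RunInstances touches several resource types (AMI, subnet, SG, ...),
        # so restrict it with a request-level key instead of per-resource ARNs.
        Sid      = "LaunchOnlyInThisRegion"
        Effect   = "Allow"
        Action   = ["ec2:RunInstances", "ec2:CreateTags"]
        Resource = "*"
        Condition = {
          StringEquals = {
            "aws:RequestedRegion" = var.region
          }
        }
      },
      {
        # Lifecycle actions are scoped to instances in this account and region.
        Sid    = "ManageInstancesInThisAccount"
        Effect = "Allow"
        Action = [
          "ec2:StartInstances",
          "ec2:StopInstances",
          "ec2:RebootInstances",
          "ec2:TerminateInstances",
        ]
        Resource = "arn:aws:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:instance/*"
      },
    ]
  })
}

# The step the article's snippet stops before: attach the policy to the user.
resource "aws_iam_user_policy_attachment" "ec2-user-attach" {
  user       = aws_iam_user.terraform-user-1.name
  policy_arn = aws_iam_policy.custom-ec2-create.arn
}

output "user_arn" {
  value = aws_iam_user.terraform-user-1.arn
}

output "policy_arn" {
  value = aws_iam_policy.custom-ec2-create.arn
}
```

Save it in the subproject directory and run `terraform -chdir=AWS-RBAC-UserPermissionAssignment plan` before `apply`; the plan output is the review artifact for the permission change. Two practical caveats: do not create access keys for the user with `aws_iam_access_key` unless your state backend is remote and encrypted, because the secret key is written to the state file in plain text; and keep `ec2:RunInstances` tied to a condition (as above) or to explicit resource ARNs, since an unconditioned `"Resource": "*"` on that action lets the user launch any instance type from any image in any region.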


Tony Fu - OSCP, AWS SAP

Extensive experience as network engineer and cybersecurity engineer, interest in automation, simplifying architecture, and innovating with new technologies.