# Jenkins administrators - IAM group.
# This group receives the AdministratorAccess managed policy further down in
# this file (jenkins-administrators-policy), so every member is a full-account
# administrator. Keep its membership minimal; the member list is managed
# exclusively by the aws_iam_group_membership resource below.
resource "aws_iam_group" "jenkins-administrators" {
name = "ky-jenkins-administrators"
}
# Jenkins users - IAM group.
# Non-admin group for the dev/test team users. It receives only the
# AmazonEC2ReadOnlyAccess managed policy (jenkins-users-policy, below); the
# member list is managed exclusively by aws_iam_group_membership below.
resource "aws_iam_group" "jenkins-users" {
name = "ky-jenkins-users"
}
# jenkins-admin - IAM user.
# Placed in ky-jenkins-administrators below and therefore a full-account
# administrator. This file creates no login profile and no access keys for
# the user, so credentials are issued out-of-band.
# NOTE(review): a long-lived IAM user holding AdministratorAccess is a
# high-value target. Enforce MFA on it and rotate any access keys; longer
# term prefer an assumable role (with an MFA condition) over a standing
# admin user.
resource "aws_iam_user" "jenkins-admin" {
name = "ky-jenkins-admin"
}
# jenkins-dev-team - IAM user.
# Member of ky-jenkins-users (read-only EC2 access) via the membership
# resource below. No credentials are created here.
# NOTE(review): the name suggests a single credential shared by a team;
# shared credentials remove per-person accountability in CloudTrail.
# Confirm the intent, and prefer one user per human (or SSO/federation).
resource "aws_iam_user" "jenkins-dev-team" {
name = "ky-jenkins-dev-team"
}
# jenkins-test-team - IAM user.
# Member of ky-jenkins-users (read-only EC2 access) via the membership
# resource below. No credentials are created here.
# NOTE(review): as with jenkins-dev-team, this looks like a team-shared
# credential; confirm, and prefer per-person users or federation.
resource "aws_iam_user" "jenkins-test-team" {
name = "ky-jenkins-test-team"
}
###############################
# Admin group membership.
# aws_iam_group_membership is exclusive: Terraform owns the complete member
# list of ky-jenkins-administrators, and any user added to the group outside
# Terraform is removed on the next apply. Only jenkins-admin belongs here.
# NOTE(review): the membership `name` is misspelled ("jekins"). It is a
# Terraform-side identifier only, but changing it forces the resource to be
# recreated (briefly dropping the user from the group), so it is left as-is.
resource "aws_iam_group_membership" "jenkins-administrators-users-assignment" {
  name  = "ky-jekins-administrators-users"
  group = aws_iam_group.jenkins-administrators.id
  users = [
    aws_iam_user.jenkins-admin.id,
  ]
}
# Non-admin group membership.
# Exclusive membership of ky-jenkins-users: the dev-team and test-team users
# are the only members, and anyone added out-of-band is removed on the next
# apply.
# NOTE(review): the membership `name` carries the same "jekins" typo as the
# admin membership; renaming forces recreation, so it is left unchanged.
resource "aws_iam_group_membership" "jenkins-users-assignment" {
  name  = "ky-jekins-users"
  group = aws_iam_group.jenkins-users.id
  users = [aws_iam_user.jenkins-dev-team.id, aws_iam_user.jenkins-test-team.id]
}
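# Attach the AdministratorAccess managed policy to the Jenkins admin group.
#
# Uses aws_iam_group_policy_attachment instead of aws_iam_policy_attachment.
# aws_iam_policy_attachment creates an *exclusive* attachment: on apply it
# detaches the policy from every user, group and role in the account that is
# not listed in the resource. For an AWS-managed policy such as
# AdministratorAccess that can silently strip admin rights from unrelated
# principals (or from other Terraform states sharing the account). The
# group-scoped resource manages only this one group->policy edge.
# NOTE(review): the resource type (and so its address) changes, so the
# attachment is destroyed and recreated on the first apply - a momentary
# detach/re-attach for the group.
#
# Security: this grants full account administration to every member of
# ky-jenkins-administrators (currently the long-lived IAM user
# ky-jenkins-admin). Prefer an assumable role with an MFA condition; at
# minimum enforce MFA on the member users.
resource "aws_iam_group_policy_attachment" "jenkins-administrators-policy" {
  group      = aws_iam_group.jenkins-administrators.name
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}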
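# Attach the AmazonEC2ReadOnlyAccess managed policy to the Jenkins users group.
#
# Uses aws_iam_group_policy_attachment instead of aws_iam_policy_attachment,
# whose attachments are *exclusive*: it would detach AmazonEC2ReadOnlyAccess
# from any other user, group or role in the account that is not listed here.
# The group-scoped resource manages only this group's attachment.
# NOTE(review): the resource type (and address) changes, so the attachment
# is destroyed and recreated on the first apply.
#
# Security: AmazonEC2ReadOnlyAccess is account-wide EC2 describe/list access
# (not scoped to Jenkins resources). NOTE(review): ec2:Describe* is believed
# to include instance user-data, so make sure no secrets are embedded in
# user-data in this account - confirm against the current managed policy.
resource "aws_iam_group_policy_attachment" "jenkins-users-policy" {
  group      = aws_iam_group.jenkins-users.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"
}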