Merge pull request easyawslearn#31 from easyawslearn/IAM

Iam

Author: easyawslearn

terraform-aws-iam/group_member.tf

@@ -0,0 +1,53 @@
+resource "aws_iam_group" "admin" {
+ name = "developer-admin-group"
+}
+
+resource "aws_iam_policy_attachment" "admin-attach" {
+ name = "admin-attachment"
+ groups = [aws_iam_group.admin.name]
+ policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
+}
+# Customer Policy Attachment
+resource "aws_iam_group" "custom_admin" {
+ name = "developer-admin-grp-custom-policy-example"
+}
+resource "aws_iam_group_policy" "Custom_developer_admin_policy" {
+ name = "my_developer_policy"
+ group = aws_iam_group.custom_admin.name
+
+ policy = <<EOF
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": "*",
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ]
+}
+EOF
+}
+
+resource "aws_iam_user_group_membership" "admin-users" {
+ user = aws_iam_user.demo-user.name
+
+ groups = [
+ aws_iam_group.admin.name
+ ]
+}
+
+resource "aws_iam_user_group_membership" "admin-users1" {
+ user = aws_iam_user.demo-user1.name
+
+ groups = [
+ aws_iam_group.admin.name
+ ]
+}
+resource "aws_iam_user" "demo-user" {
+ name = "demo-user"
+}
+
+resource "aws_iam_user" "demo-user1" {
+ name = "demo-user1"
+}

terraform-aws-iam/iam/aws_iam_group.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+ region = "eu-west-1"
+}

terraform-aws-iam/iam/main.tf

@@ -0,0 +1,17 @@
+
+resource "aws_instance" "iam_role_instance_example" {
+ ami = lookup(var.ami_id, var.region)
+ instance_type = var.instance_type
+ iam_instance_profile = aws_iam_instance_profile.ec2_profile.name
+ # key name
+ key_name = var.key_name
+ # User data passing through template rendering
+
+ tags = {
+ Name = "Roles with Ec2"
+ }
+}
+
+output "public_ip" {
+ value = aws_instance.iam_role_instance_example.public_ip
+}

terraform-aws-iam/iam_role_policy.tf

@@ -0,0 +1,52 @@
+provider "aws" {
+ region = var.region
+}
+
+resource "aws_iam_role" "s3_access_role" {
+ name = "s3-access-role"
+
+ assume_role_policy = <<EOF
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": "sts:AssumeRole",
+ "Principal": {
+ "Service": "ec2.amazonaws.com"
+ },
+ "Effect": "Allow",
+ "Sid": ""
+ }
+ ]
+}
+EOF
+ 
+}
+
+resource "aws_iam_instance_profile" "ec2_profile" {
+ name = "ec2_profile"
+ role = aws_iam_role.s3_access_role.name
+}
+
+resource "aws_iam_role_policy" "s3_bcuket_access_policy" {
+ name = "s3_bcuket_access_policy"
+ role = aws_iam_role.s3_access_role.id
+
+ policy = <<-EOF
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": [
+ "s3:*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::iambucketdemo-dfredf",
+ "arn:aws:s3:::iambucketdemo-dfredf/*"
+ ]
+ }
+ ]
+ }
+ EOF
+}

terraform-aws-iam/iam_role_with_instance/instance.tf

@@ -0,0 +1,10 @@
+resource "aws_s3_bucket" "iam_demo_bucket_name" {
+ bucket = "iambucketdemo-dfredf"
+ acl="private"
+
+ tags = {
+ Name = "My bucket"
+ Environment = "Demo"
+ }
+ 
+}

terraform-aws-iam/iam_role_with_instance/main.tf

@@ -5,7 +5,7 @@ variable "region" {
 variable "ami_id" {
  type = "map"
  default = {
- us-east-1 = "ami-035b3c7efe6d061d5"
+ us-east-1 = "ami-04d29b6f966df1537"
  eu-west-2 = "ami-132b3c7efe6sdfdsfd"
  eu-central-1 = "ami-9787h5h6nsn75gd33"
  }