Terraform module to provision a basic IAM chamber user with access to SSM parameters and KMS key to decrypt secrets, suitable for CI/CD systems (e.g. TravisCI, CircleCI, CodeFresh) or systems which are external to AWS that cannot leverage AWS IAM Instance Profiles.
We do not recommend creating IAM users this way for any other purpose.
module "chamber_user" {
source = "git::https://github.com/cloudposse/terraform-aws-iam-chamber-user.git?ref=master"
namespace = "cp"
stage = "prod"
name = "chamber"
kms_key_alias = "alias/parameter_store_key"
}
module "kms_key" {
source = "git::https://github.com/cloudposse/terraform-aws-kms-key.git?ref=master"
namespace = "cp"
stage = "prod"
name = "key"
description = "KMS key for chamber"
deletion_window_in_days = 10
enable_key_rotation = "true"
alias = "alias/parameter_store_key"
}| Name | Default | Description | Required |
|---|---|---|---|
namespace |
`` | Namespace (e.g. cp or cloudposse) |
Yes |
stage |
`` | Stage (e.g. prod, dev, staging) |
Yes |
name |
`` | Name (e.g. app) |
Yes |
kms_key_alias |
alias/parameter_store_key |
KMS key alias used to decrypt secrets in Parameter Store | Yes |
attributes |
[] |
Additional attributes (e.g. 1) |
No |
tags |
{} |
Additional tags (e.g. map("BusinessUnit","XYZ") |
No |
delimiter |
- |
Delimiter to be used between namespace, stage, name and attributes |
No |
force_destroy |
false |
Destroy even if it has non-Terraform-managed IAM access keys, login profiles or MFA devices | No |
path |
/ |
Path in which to create the user | No |
enabled |
true |
Set to false to prevent the module from creating any resources |
No |
ssm_actions |
["ssm:GetParametersByPath", "ssm:GetParameters"] |
Actions to allow in the policy | No |
ssm_resources |
["*"] |
Resources to apply the actions specified in the policy | No |
| Name | Description |
|---|---|
user_name |
Normalized IAM user name |
user_arn |
The ARN assigned by AWS for the user |
user_unique_id |
The user unique ID assigned by AWS |
access_key_id |
The access key ID |
secret_access_key |
The secret access key. This will be written to the state file in plain-text |
Got a question?
File a GitHub issue, send us an email or reach out to us on Gitter.
Please use the issue tracker to report any bugs or file feature requests.
If you are interested in being a contributor and want to get involved in developing terraform-aws-iam-chamber-user, we would love to hear from you! Shoot us an email.
In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
- Fork the repo on GitHub
- Clone the project to your own machine
- Commit changes to your own branch
- Push your work back up to your fork
- Submit a Pull request so that we can review your changes
NOTE: Be sure to merge the latest from "upstream" before making a pull request!
APACHE 2.0 © 2018 Cloud Posse, LLC
See LICENSE for full details.
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
terraform-aws-iam-chamber-user is maintained and funded by Cloud Posse, LLC.
Like it? Please let us know at [email protected]
We love Open Source Software!
See our other projects or hire us to help build your next cloud platform.
 Erik Osterman |
 Andriy Knysh |
 Sarkis Varozian |
|---|