CMDB-Server/root/IAM-Users/terraform/iam_user.tf

# ---------------------------
# プロバイダ設定
# ---------------------------
# AWS
provider "aws" {
  region     = "ap-northeast-1"
  profile    = "default"
}

terraform {
 required_providers {
   aws = {
     source  = "hashicorp/aws"
     version = "~> 5.54.1"
   }
 }
}

# ---------------------------
# グループ作成
# ---------------------------
# IAMグループ作成
resource "aws_iam_group" "hands_on_users" {
  name = "hands-on-users"
}

# ポリシーのアタッチ
resource "aws_iam_group_policy_attachment" "hands_on_users" {
  for_each = var.aws_policy_arn
  group = aws_iam_group.hands_on_users.name
  policy_arn = each.value.arn
}

# ---------------------------
# プロビジョニングハンズオン用グループ作成
# ---------------------------
# IAMグループ作成
resource "aws_iam_group" "hands_on_provisioning_group" {
  name = "hands-on-provisioning-group"
}

# IAMポリシー作成
resource "aws_iam_policy" "hands_on_provisioning_policy" {
  name = "hands-on-provisioning-policy"
  policy = file("./hands-on-provisioning-policy.json")
}

# ポリシーのアタッチ
resource "aws_iam_group_policy_attachment" "hands_on_provisioning" {
  group = aws_iam_group.hands_on_provisioning_group.name
  policy_arn = aws_iam_policy.hands_on_provisioning_policy.arn
}

# ---------------------------
# ユーザー作成
# ---------------------------
# ユーザー作成
resource "aws_iam_user" "hands_on_users" {
  for_each      = var.aws_iam_user
  name          = each.value.name
  path          = "/"
  force_destroy = true
}

# ログインプロファイルの設定
resource "aws_iam_user_login_profile" "hands_on_users" {
  for_each                = aws_iam_user.hands_on_users
  user                    = each.value.name
  password_reset_required = false
  password_length         = "12"
}

# グループへの追加
resource "aws_iam_user_group_membership" "hands_on_users" {
  for_each                = aws_iam_user.hands_on_users
  user                    = each.value.name
  groups = [
    aws_iam_group.hands_on_users.name,
    aws_iam_group.hands_on_provisioning_group.name,
  ]
}

# アウトプット
output "username" {
  value = [for user in aws_iam_user_login_profile.hands_on_users : {user = user.user, password = user.password}]
}
first commit 2025-07-03 17:24:43 +09:00			`# ---------------------------`
			`# プロバイダ設定`
			`# ---------------------------`
			`# AWS`
			`provider "aws" {`
			`region = "ap-northeast-1"`
			`profile = "default"`
			`}`

			`terraform {`
			`required_providers {`
			`aws = {`
			`source = "hashicorp/aws"`
			`version = "~> 5.54.1"`
			`}`
			`}`
			`}`

			`# ---------------------------`
			`# グループ作成`
			`# ---------------------------`
			`# IAMグループ作成`
			`resource "aws_iam_group" "hands_on_users" {`
			`name = "hands-on-users"`
			`}`

			`# ポリシーのアタッチ`
			`resource "aws_iam_group_policy_attachment" "hands_on_users" {`
			`for_each = var.aws_policy_arn`
			`group = aws_iam_group.hands_on_users.name`
			`policy_arn = each.value.arn`
			`}`

			`# ---------------------------`
			`# プロビジョニングハンズオン用グループ作成`
			`# ---------------------------`
			`# IAMグループ作成`
			`resource "aws_iam_group" "hands_on_provisioning_group" {`
			`name = "hands-on-provisioning-group"`
			`}`

			`# IAMポリシー作成`
			`resource "aws_iam_policy" "hands_on_provisioning_policy" {`
			`name = "hands-on-provisioning-policy"`
			`policy = file("./hands-on-provisioning-policy.json")`
			`}`

			`# ポリシーのアタッチ`
			`resource "aws_iam_group_policy_attachment" "hands_on_provisioning" {`
			`group = aws_iam_group.hands_on_provisioning_group.name`
			`policy_arn = aws_iam_policy.hands_on_provisioning_policy.arn`
			`}`

			`# ---------------------------`
			`# ユーザー作成`
			`# ---------------------------`
			`# ユーザー作成`
			`resource "aws_iam_user" "hands_on_users" {`
			`for_each = var.aws_iam_user`
			`name = each.value.name`
			`path = "/"`
			`force_destroy = true`
			`}`

			`# ログインプロファイルの設定`
			`resource "aws_iam_user_login_profile" "hands_on_users" {`
			`for_each = aws_iam_user.hands_on_users`
			`user = each.value.name`
			`password_reset_required = false`
			`password_length = "12"`
			`}`

			`# グループへの追加`
			`resource "aws_iam_user_group_membership" "hands_on_users" {`
			`for_each = aws_iam_user.hands_on_users`
			`user = each.value.name`
			`groups = [`
			`aws_iam_group.hands_on_users.name,`
			`aws_iam_group.hands_on_provisioning_group.name,`
			`]`
			`}`

			`# アウトプット`
			`output "username" {`
			`value = [for user in aws_iam_user_login_profile.hands_on_users : {user = user.user, password = user.password}]`
			`}`