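# ---------------------------
# Provider configuration
# ---------------------------
# AWS
provider "aws" {
  region  = "ap-northeast-1"
  profile = "default"
}

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.54.1"
    }
  }
}

# ---------------------------
# Group creation
# ---------------------------
# IAM group
resource "aws_iam_group" "hands_on_users" {
  name = "hands-on-users"
}

# Attach one policy per entry of var.aws_policy_arn (a map whose values carry an `arn` attribute; declared elsewhere).
resource "aws_iam_group_policy_attachment" "hands_on_users" {
  for_each   = var.aws_policy_arn
  group      = aws_iam_group.hands_on_users.name
  policy_arn = each.value.arn
}

# ---------------------------
# Group for the provisioning hands-on
# ---------------------------
# IAM group
resource "aws_iam_group" "hands_on_provisioning_group" {
  name = "hands-on-provisioning-group"
}

# IAM policy; the policy document is read verbatim from the JSON file next to this configuration,
# so review that file's actions/resources for least privilege — nothing here constrains it.
resource "aws_iam_policy" "hands_on_provisioning_policy" {
  name   = "hands-on-provisioning-policy"
  policy = file("./hands-on-provisioning-policy.json")
}

# Attach the provisioning policy to the provisioning group.
resource "aws_iam_group_policy_attachment" "hands_on_provisioning" {
  group      = aws_iam_group.hands_on_provisioning_group.name
  policy_arn = aws_iam_policy.hands_on_provisioning_policy.arn
}

# ---------------------------
# User creation
# ---------------------------
# One IAM user per entry of var.aws_iam_user (a map whose values carry a `name` attribute; declared elsewhere).
resource "aws_iam_user" "hands_on_users" {
  for_each = var.aws_iam_user
  name     = each.value.name
  path     = "/"
  # force_destroy lets `terraform destroy` remove the user even if access keys, a login profile
  # or MFA devices were created outside Terraform; appropriate for throwaway hands-on accounts.
  force_destroy = true
}

# Console login profile (initial password) for every user above.
# NOTE(review): without a `pgp_key`, the generated password is stored in plaintext in the
# Terraform state; protect the state backend accordingly, or supply a pgp_key so only the
# encrypted password is stored. `password_reset_required = false` is a deliberate choice for
# a hands-on session (users log in with the distributed password as-is); set it to true if
# participants should be forced to rotate the initial password on first login.
resource "aws_iam_user_login_profile" "hands_on_users" {
  for_each                = aws_iam_user.hands_on_users
  user                    = each.value.name
  password_reset_required = false
  # Numeric attribute; the original quoted it as a string, which Terraform coerced silently.
  password_length         = 12
}

# Add each user to both hands-on groups.
resource "aws_iam_user_group_membership" "hands_on_users" {
  for_each = aws_iam_user.hands_on_users
  user     = each.value.name
  groups = [
    aws_iam_group.hands_on_users.name,
    aws_iam_group.hands_on_provisioning_group.name,
  ]
}

# Output: list of { user, password } pairs for distribution to participants.
# The login profile's `password` attribute is sensitive in the AWS provider, so this output
# must be marked `sensitive = true`; otherwise Terraform refuses to plan/apply
# ("Output refers to sensitive values"). The values are still written to the state file and
# can be shown with `terraform output -json`, so treat the state as secret material.
output "username" {
  sensitive = true
  value = [
    for user in aws_iam_user_login_profile.hands_on_users : {
      user     = user.user
      password = user.password
    }
  ]
}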