Added iam-account (#1)

* Added iam-account

Added iam-account (#1)
* Added iam-account
4755eb26 · Anton Babenko · GitHub · e337dbc9 · 4755eb26 · 4755eb26
Commit 4755eb26 authored Feb 05, 2018 by Anton Babenko Committed by GitHub Feb 05, 2018
12 changed files
--- a/.editorconfig
+++ b/.editorconfig
+# EditorConfig is awesome: http://EditorConfig.org
+# Uses editorconfig to maintain consistent coding styles
+# top-most EditorConfig file
+root = true
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+max_line_length = 80
+trim_trailing_whitespace = true
+[*.{tf,tfvars}]
+indent_size = 2
+indent_style = space
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false
+[Makefile]
+tab_width = 2
+indent_style = tab
+[COMMIT_EDITMSG]
+max_line_length = 0
\ No newline at end of file
--- a/.gitignore
+++ b/.gitignore
+.terraform
+terraform.tfstate
+*.tfstate*
+terraform.tfvars
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
+repos:
+- repo: git://github.com/antonbabenko/pre-commit-terraform
+  sha: v1.4.0
+  hooks:
+    - id: terraform_fmt
+- repo: git://github.com/pre-commit/pre-commit-hooks
+  sha: v1.2.0
+  hooks:
+    - id: check-merge-conflict
--- a/LICENSE
+++ b/LICENSE
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
--- a/README.md
+++ b/README.md
 # terraform-aws-iam
 Terraform module which creates IAM resources on AWS
+- [ ] IAM account
+- [ ] IAM groups
+- [ ] IAM users
+- [ ] IAM assumable roles
+- [ ] IAM group with assumable roles policy
--- a/examples/iam-account/README.md
+++ b/examples/iam-account/README.md
+HTTP Security Group example
+===========================
+Configuration in this directory creates set of Security Group and Security Group Rules resources in various combination.
+Data sources are used to discover existing VPC resources (VPC and default security group).
+Usage
+=====
+To run this example you need to execute:
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
--- a/examples/iam-account/main.tf
+++ b/examples/iam-account/main.tf
+provider "aws" {
+  region = "eu-west-1"
+}
+##############
+# IAM account
+##############
+module "iam_account" {
+  source = "../../modules/iam-account"
+  account_alias = "test-account-awesome-company"
+  minimum_password_length = 6
+  require_numbers         = false
+}
--- a/examples/iam-account/outputs.tf
+++ b/examples/iam-account/outputs.tf
+output "this_caller_identity_account_id" {
+  description = "The ID of the AWS account"
+  value       = "${module.iam_account.this_caller_identity_account_id}"
+}
+output "this_iam_account_password_policy_expire_passwords" {
+  description = "Indicates whether passwords in the account expire. Returns true if max_password_age contains a value greater than 0. Returns false if it is 0 or not present."
+  value       = "${module.iam_account.this_iam_account_password_policy_expire_passwords}"
+}
--- a/modules/iam-account/README.md
+++ b/modules/iam-account/README.md
+# iam-account
+Manage IAM account alias and password policy.
+## Notes
+* If IAM account alias was previously set (either via AWS console or during the creation of an account from AWS Organizations) you will see this error:
+```
+* aws_iam_account_alias.this: Error creating account alias with name my-account-alias
+```
+If you want to manage IAM alias using Terraform (otherwise why are you reading this?) you need to import this resource like this:
+```
+$ terraform import module.iam_account.aws_iam_account_alias.this this
+module.iam_account.aws_iam_account_alias.this: Importing from ID "this"...
+module.iam_account.aws_iam_account_alias.this: Import complete!
+  Imported aws_iam_account_alias (ID: this)
+module.iam_account.aws_iam_account_alias.this: Refreshing state... (ID: this)
+Import successful!
+``` 
--- a/modules/iam-account/main.tf
+++ b/modules/iam-account/main.tf
+data "aws_caller_identity" "this" {
+  count = "${var.get_caller_identity}"
+}
+resource "aws_iam_account_alias" "this" {
+  account_alias = "${var.account_alias}"
+}
+resource "aws_iam_account_password_policy" "this" {
+  count = "${var.create_account_password_policy ? 1 : 0}"
+  minimum_password_length        = "${var.minimum_password_length}"
+  allow_users_to_change_password = "${var.allow_users_to_change_password}"
+  hard_expiry                    = "${var.hard_expiry}"
+  password_reuse_prevention      = "${var.password_reuse_prevention}"
+  require_lowercase_characters   = "${var.require_lowercase_characters}"
+  require_uppercase_characters   = "${var.require_uppercase_characters}"
+  require_numbers                = "${var.require_numbers}"
+  require_symbols                = "${var.require_symbols}"
+}
--- a/modules/iam-account/outputs.tf
+++ b/modules/iam-account/outputs.tf
+output "this_caller_identity_account_id" {
+  description = "The AWS Account ID number of the account that owns or contains the calling entity"
+  value       = "${element(concat(data.aws_caller_identity.this.*.account_id, list("")), 0)}"
+}
+output "this_caller_identity_arn" {
+  description = "The AWS ARN associated with the calling entity"
+  value       = "${element(concat(data.aws_caller_identity.this.*.arn, list("")), 0)}"
+}
+output "this_caller_identity_user_id" {
+  description = "The unique identifier of the calling entity"
+  value       = "${element(concat(data.aws_caller_identity.this.*.user_id, list("")), 0)}"
+}
+output "this_iam_account_password_policy_expire_passwords" {
+  description = "Indicates whether passwords in the account expire. Returns true if max_password_age contains a value greater than 0. Returns false if it is 0 or not present."
+  value       = "${element(concat(aws_iam_account_password_policy.this.*.expire_passwords, list("")), 0)}"
+}
--- a/modules/iam-account/variables.tf
+++ b/modules/iam-account/variables.tf
+variable "get_caller_identity" {
+  description = "Whether to get AWS account ID, User ID, and ARN in which Terraform is authorized"
+  default     = true
+}
+variable "account_alias" {
+  description = "AWS IAM account alias for this account"
+}
+variable "create_account_password_policy" {
+  description = "Whether to create AWS IAM account password policy"
+  default     = true
+}
+variable "minimum_password_length" {
+  description = "Minimum length to require for user passwords"
+  default     = 8
+}
+variable "allow_users_to_change_password" {
+  description = "Whether to allow users to change their own password"
+  default     = true
+}
+variable "hard_expiry" {
+  description = "Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)"
+  default     = false
+}
+variable "password_reuse_prevention" {
+  description = "The number of previous passwords that users are prevented from reusing"
+  default     = true
+}
+variable "require_lowercase_characters" {
+  description = "Whether to require lowercase characters for user passwords"
+  default     = true
+}
+variable "require_uppercase_characters" {
+  description = "Whether to require uppercase characters for user passwords"
+  default     = true
+}
+variable "require_numbers" {
+  description = "Whether to require numbers for user passwords"
+  default     = true
+}
+variable "require_symbols" {
+  description = "Whether to require symbols for user passwords"
+  default     = true
+}