This module creates an AWS IAM user for Continuous Integration use. It was built primarily with Gitlab CI in mind. Once you create the user the module, you will can retrieve the access key from the secretsmanager secret.
CAUTION Because this module stores the key in an aws secretsmanager secret, it can be retrieved from your terraform state file. You must take steps, such as encrypting the terraform state file, to secure your state file. This access key needs to be secured to prevent compromise!
module "ci_user" {
source = "github.com/fortunecookiezen/aws-tf-ci-user"
name = "ci-user"
path = "/ci/"
tags = {
Environment = "nonprod"
}
}| Name | Version |
|---|---|
| aws | >4.0 |
| Name | Version |
|---|---|
| aws | >4.0 |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| kms_key_id | (Optional) ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. | string |
"" |
no |
| name | name for the ci-user, defaults to ci-user | string |
"ci-user" |
no |
| path | path for the ci-user, defaults to / | string |
"/" |
no |
| tags | common tags to use for all resources | map(string) |
{} |
no |
| Name | Type |
|---|---|
| aws_iam_access_key.this | resource |
| aws_iam_policy.ci_user | resource |
| aws_iam_policy_attachment.ci_user | resource |
| aws_iam_user.ci_user | resource |
| aws_secretsmanager_secret.ci_user | resource |
| aws_secretsmanager_secret_version.this | resource |
| aws_region.current | data source |
| Name | Description |
|---|---|
| ci_user_arn | arn of the user created by the module |
| ci_user_name | username of the user created by the module, defaults to 'ci-user' |
1.0
Initial release of module. Future plans may be to restrict this user to PowerUser managed role.