add grup inf-terraform

terraform-modules · Apr 26, 2022 · deb7c87 · deb7c87
1 parent a977bfd
commit deb7c87
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -146,3 +146,7 @@
 * 1.15.0 -- 2022-04-20
   - terraform-state
     - add policy for p-inf-terraform-{read,write}
+
+* 1.15.1 -- 2022-04-26
+  - terraform-state
+    -  add group inf-terraform with write access
diff --git a/common/version.tf b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.15.0"
+  _module_version = "1.15.1"
 }
diff --git a/terraform-state/README.md b/terraform-state/README.md
@@ -66,6 +66,8 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_dynamodb_table.tfstate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
+| [aws_iam_group.terraform](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group) | resource |
+| [aws_iam_group_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
 | [aws_iam_policy.tfstate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.tfstate_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.tfstate_write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |

diff --git a/terraform-state/group.tf b/terraform-state/group.tf
@@ -0,0 +1,15 @@
+locals {
+  group_name     = format("%v%v", lookup(local._prefixes, "group", ""), "inf-terraform")
+  group_policies = [aws_iam_policy.tfstate_write.arn]
+}
+
+resource "aws_iam_group" "terraform" {
+  name = local.group_name
+  path = "/"
+}
+
+resource "aws_iam_group_policy_attachment" "this" {
+  for_each   = toset(ocal.group_policies)
+  group      = aws_iam_group.terraform.name
+  policy_arn = each.key
+}