From deb7c87b9593f2cc69f32aa4b82534bf9d8a6411 Mon Sep 17 00:00:00 2001
From: badra001
Date: Tue, 26 Apr 2022 10:27:38 -0400
Subject: [PATCH] add grup inf-terraform
---
 CHANGELOG.md | 4 ++++
 common/version.tf | 2 +-
 terraform-state/README.md | 2 ++
 terraform-state/group.tf | 15 +++++++++++++++
 4 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 terraform-state/group.tf
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bfa0934..d946814 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -146,3 +146,7 @@
 * 1.15.0 -- 2022-04-20
 - terraform-state
 - add policy for p-inf-terraform-{read,write}
+
+* 1.15.1 -- 2022-04-26
+ - terraform-state
+ - add group inf-terraform with write access
diff --git a/common/version.tf b/common/version.tf
index 9f302fe..4a7c5ea 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "1.15.0"
+ _module_version = "1.15.1"
 }
diff --git a/terraform-state/README.md b/terraform-state/README.md
index 4aaa42a..69d67ab 100644
--- a/terraform-state/README.md
+++ b/terraform-state/README.md
@@ -66,6 +66,8 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_dynamodb_table.tfstate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
+| [aws_iam_group.terraform](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group) | resource |
+| [aws_iam_group_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
 | [aws_iam_policy.tfstate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.tfstate_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.tfstate_write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
diff --git a/terraform-state/group.tf b/terraform-state/group.tf
new file mode 100644
index 0000000..76fab65
--- /dev/null
+++ b/terraform-state/group.tf
@@ -0,0 +1,15 @@
+locals {
+ group_name = format("%v%v", lookup(local._prefixes, "group", ""), "inf-terraform")
+ group_policies = [aws_iam_policy.tfstate_write.arn]
+}
+
+resource "aws_iam_group" "terraform" {
+ name = local.group_name
+ path = "/"
+}
+
+resource "aws_iam_group_policy_attachment" "this" {
+ for_each = toset(ocal.group_policies)
+ group = aws_iam_group.terraform.name
+ policy_arn = each.key
+}
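Review bot: `for_each = toset(ocal.group_policies)` in `aws_iam_group_policy_attachment.this` misspells `local`, so the configuration will not validate and the group never receives its policy; it should read `for_each = toset(local.group_policies)`. Separately, the set members are policy ARNs, which are unknown at plan time if `aws_iam_policy.tfstate_write` is created in the same apply, and `for_each` keys must be known during planning. A map with a static key avoids that on a fresh deployment: `group_policies = { tfstate_write = aws_iam_policy.tfstate_write.arn }` with `for_each = local.group_policies` and `policy_arn = each.value`. Because this group grants write access to Terraform state, which commonly holds secrets and determines what gets applied, a comment on `aws_iam_group.terraform` naming the intended members and where membership is managed would help; nothing in this file manages membership.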