add email_addresses

main.tf

@@ -6,11 +6,17 @@
 * 
 *   group = "g-audit-group"
 *   users = [ "s-ois-scan" ]
+*   email_addresses = [ "ois.compliance.scanning.group@census.gov" ]
 *   create_access_keys = true
 *   pgp_key = "${file(filename.b64)}"
 * }
 */
 
+locals {
+  #  security-audit-policies = ["${data.aws_iam_policy.aws-managed-security-audit.arn}", "$(aws_iam_policy.audit.arn}"]
+  enable_access_keys = "${var.create_access_keys ? length(var.users) : 0 }"
+}
+
 #---
 # used to get the partition from arn
 #---
@@ -26,6 +32,9 @@ data "aws_arn" "current" {
 resource "aws_iam_user" "audit" {
   count = "${length(var.users)}"
   name  = "${var.users[count.index]}"
+  tags = {
+    "EmailAddress" = "${index(var.email_addresses,count.index)}"
+  }
 }
 
 #---
@@ -70,11 +79,6 @@ data "aws_iam_policy" "aws-managed-security-audit" {
   arn = "arn:${data.aws_arn.current.partition}:iam::aws:policy/SecurityAudit"
 }
 
-locals {
-  #  security-audit-policies = ["${data.aws_iam_policy.aws-managed-security-audit.arn}", "$(aws_iam_policy.audit.arn}"]
-  enable_access_keys = "${var.create_access_keys ? length(var.users) : 0 }"
-}
-
 #resource "aws_iam_group_policy_attachment" "audit" {
 #  count      = "${length(local.security-audit-policies)}"
 #  group      = "${aws_iam_group.audit.name}"

variables.tf

@@ -10,6 +10,13 @@ variable "users" {
   default = ["s-inf-security-audit"]
 }
 
+variable "email_addresses" {
+  description = "Security Audit IAM Email Contact List(s)"
+
+  type    = "list"
+  default = ["ois.compliance.scanning.group@census.gov"]
+}
+
 variable "policy" {
   description = "Security Audit IAM Policy name"
   default     = "p-inf-security-audit"