terraform client creation added

zLukas · Dec 9, 2023 · e1c8b58 · e1c8b58
1 parent e38c7d6
commit e1c8b58
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 68 deletions.
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -48,70 +48,21 @@ resource "aws_lambda_function_url" "certLambda" {
   ]
 }
 
-
-module userLambda {
-    source = "./modules/lambda"
-    access_key = var.access_key
-    secret_key = var.secret_key
-    region = var.region
-    lambda_name = local.user_lambda_name
-    zip_file = "users.zip"
-    handler = "lambda_handler"
-    runtime = "python3.11"
-    lambda_iam_resources = [
-				"arn:aws:iam::${local.account_id}:role/*",
-				"arn:aws:iam::${local.account_id}:group/*",
-				"arn:aws:iam::${local.account_id}:policy/*",
-				"arn:aws:iam::${local.account_id}:user/*"]
-
-    lambda_iam_actions = [
-				"iam:GetPolicyVersion",
-				"iam:DeleteGroup",
-				"iam:DeletePolicy",
-				"iam:CreateRole",
-				"iam:PutRolePolicy",
-				"iam:CreateUser",
-				"iam:CreateAccessKey",
-				"iam:CreateLoginProfile",
-				"iam:AddUserToGroup",
-				"iam:RemoveUserFromGroup",
-				"iam:ListPolicyTags",
-				"iam:ListRolePolicies",
-				"iam:ChangePassword",
-				"iam:ListAccessKeys",
-				"iam:GetRole",
-				"iam:CreateGroup",
-				"iam:GetPolicy",
-				"iam:UpdateUser",
-				"iam:DeleteRole",
-				"iam:UpdateAccessKey",
-				"iam:DeleteUser",
-				"iam:ListUserPolicies",
-				"iam:CreatePolicy",
-				"iam:GetUserPolicy",
-				"iam:PutUserPolicy",
-				"iam:UpdateRole",
-				"iam:GetUser",
-				"iam:GetRolePolicy",
-				"iam:ListUserTags"
-			]
+resource "aws_iam_user" "client_users" {
+  for_each = toset(var.clients)
+  name = each.value
+  path = "/certClient/"
 }
 
-resource "aws_lambda_function_url" "userLambda" {
-  function_name      = local.user_lambda_name
-  authorization_type = "AWS_IAM"
-  depends_on = [
-    module.userLambda
-  ]
+resource "aws_iam_access_key" "clents_acces_keys" {
+  for_each = aws_iam_user.client_users
+  user = each.value.name
 }
 
-module "client_iam-group-with-policies" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-group-with-policies"
-  version = "5.30.0"
-  name = "certClient"
-  path = "/CertClient/"
-    custom_group_policy_arns = [
-    "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess"
-    ]
-}
 
+resource "aws_iam_policy_attachment" "ClientsPolicy" {
+  for_each=aws_iam_user.client_users
+  name="clients-db-policy"
+  users=[each.value.name]
+  policy_arn="arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess"
+}
diff --git a/terraform/modules/lambda/variables.tf b/terraform/modules/lambda/variables.tf
@@ -52,8 +52,4 @@ variable lambda_iam_resources {
 
 variable zip_file {
   type = string 
-}
-
-variable handler {
-    type = string
 }
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -6,6 +6,7 @@ output "CertLambda_url"{
     value = aws_lambda_function_url.certLambda.function_url
 }
 
-output "UserLambda_url"{
-    value = aws_lambda_function_url.userLambda.function_url
+output "activeClients" {
+  value = [ for key  in aws_iam_access_key.clents_acces_keys: format("Client Name: %s, access key ID: %s, secret key: %s", key.user, key.id, key.secret )]
+  sensitive = true
 }