Skip to content

Add IAM user ezesalvatore to devops-security team #133

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 21, 2025
Merged

Add IAM user ezesalvatore to devops-security team #133

merged 1 commit into from
Aug 21, 2025

Conversation

ezesalvatore
Copy link
Member

@ezesalvatore ezesalvatore commented Aug 21, 2025
edited
Loading

Fixes #131

What changes did you make?

I made changes to the README.md and aws-users

Why did you make the changes (we will use this info to test)?

To complete on boarding

@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 21, 2025
edited
Loading

Terraform plan in terraform
With backend config files: terraform/prod.backend.tfvars

Plan: 3 to add, 1 to change, 0 to destroy. 
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+   create
!~  update in-place

Terraform will perform the following actions:

  # module.aws_custom_policies.aws_iam_policy.custom_policy["EnforceMFAForUsers"] will be updated in-place
!~  resource "aws_iam_policy" "custom_policy" {
        id               = "arn:aws:iam::035866691871:policy/EnforceMFAForUsers"
        name             = "EnforceMFAForUsers"
!~      policy           = jsonencode(
!~          {
!~              Statement = [
                    {
                        Condition = {
                            BoolIfExists = {
                                "aws:MultiFactorAuthPresent" = "false"
                            }
                        }
                        Effect    = "Deny"
                        NotAction = [
                            "iam:CreateVirtualMFADevice",
                            "iam:EnableMFADevice",
                            "iam:GetUser",
                            "iam:GetMFADevice",
                            "iam:ListMFADevices",
                            "iam:ListVirtualMFADevices",
                            "iam:ResyncMFADevice",
                            "sts:GetSessionToken",
                        ]
                        Resource  = "*"
                        Sid       = "EnforceMFAForUsers"
                    },
-                   {
-                       Action   = [
-                           "iam:CreateVirtualMFADevice",
                        ]
-                       Effect   = "Allow"
-                       Resource = "arn:aws:iam::*:mfa/*"
-                       Sid      = "AllowManageOwnVirtualMFADevice"
                    },
-                   {
-                       Action   = [
-                           "iam:DeactivateMFADevice",
-                           "iam:EnableMFADevice",
-                           "iam:ListMFADevices",
-                           "iam:ResyncMFADevice",
                        ]
-                       Effect   = "Allow"
-                       Resource = "arn:aws:iam::*:user/${aws:username}"
-                       Sid      = "AllowManageOwnUserMFA"
                    },
                ]
#                (1 unchanged attribute hidden)
            }
        )
        tags             = {}
#        (7 unchanged attributes hidden)
    }

  # module.iam_user_ezesalvatore4.aws_iam_user.user will be created
+   resource "aws_iam_user" "user" {
+       arn           = (known after apply)
+       force_destroy = false
+       id            = (known after apply)
+       name          = "ezesalvatore"
+       path          = "/"
+       tags          = {
+           "Access Level" = "1"
+           "Project"      = "devops-security"
        }
+       tags_all      = {
+           "Access Level" = "1"
+           "Project"      = "devops-security"
        }
+       unique_id     = (known after apply)
    }

  # module.iam_user_ezesalvatore4.aws_iam_user_group_membership.user_group_membership will be created
+   resource "aws_iam_user_group_membership" "user_group_membership" {
+       groups = [
+           "read-only-group",
        ]
+       id     = (known after apply)
+       user   = "ezesalvatore"
    }

  # module.iam_user_ezesalvatore4.aws_iam_user_login_profile.user_login will be created
+   resource "aws_iam_user_login_profile" "user_login" {
+       encrypted_password      = (known after apply)
+       id                      = (known after apply)
+       key_fingerprint         = (known after apply)
+       password                = (sensitive value)
+       password_length         = 20
+       password_reset_required = true
+       user                    = "ezesalvatore"
    }

Plan: 3 to add, 1 to change, 0 to destroy.

Warning: Argument is deprecated

  with module.iam_oidc_gha_incubator.aws_iam_role.github_actions_oidc,
  on modules/aws-gha-oidc-providers/main.tf line 54, in resource "aws_iam_role" "github_actions_oidc":
  54:   managed_policy_arns = var.policy_arns

managed_policy_arns is deprecated. Use the aws_iam_role_policy_attachment
resource instead. If Terraform should exclusively manage all managed policy
attachments (the current behavior of this argument), use the
aws_iam_role_policy_attachments_exclusive resource as well.

❌ Error applying plan in Apply Terraform changes on merge #30

@ale210 ale210 merged commit 7bbd9e3 into main Aug 21, 2025
1 check passed
@ale210 ale210 deleted the 132-add-new-iam-user branch August 21, 2025 01:14
@myronchen-git myronchen-git linked an issue Oct 9, 2025 that may be closed by this pull request
Request AWS IAM user #132
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ale210 ale210 ale210 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Request AWS IAM user Pre-work Checklist: DevOps-Security-Member: [Salvatore Eze]

2 participants

@ezesalvatore @ale210