Skip to content

Commit

Permalink
fix: Update self manage policy to support users with path (#335)
Browse files Browse the repository at this point in the history 
Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
  • Loading branch information
@enver @bryantbiggs
enver and bryantbiggs committed Mar 21, 2023
1 parent ae093dd commit 9a8d5cb
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 7 deletions.
1 change: 1 addition & 0 deletions examples/iam-group-with-policies/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ module "iam_user2" {
source = "../../modules/iam-user"

name = "user2"
path = "/developers/"

create_iam_user_login_profile = false
create_iam_access_key = false
Expand Down
31 changes: 24 additions & 7 deletions modules/iam-group-with-policies/policies.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,10 @@ data "aws_iam_policy_document" "iam_self_management" {
"iam:GetUser"
]

resources = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}"]
resources = [
"arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}",
"arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"
]
}

statement {
Expand All @@ -50,7 +53,10 @@ data "aws_iam_policy_document" "iam_self_management" {
"iam:UpdateAccessKey"
]

resources = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}"]
resources = [
"arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}",
"arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"
]
}

statement {
Expand All @@ -65,7 +71,10 @@ data "aws_iam_policy_document" "iam_self_management" {
"iam:UploadSigningCertificate"
]

resources = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}"]
resources = [
"arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}",
"arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"
]
}

statement {
Expand All @@ -81,7 +90,10 @@ data "aws_iam_policy_document" "iam_self_management" {
"iam:UploadSSHPublicKey"
]

resources = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}"]
resources = [
"arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}",
"arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"
]
}

statement {
Expand All @@ -97,7 +109,10 @@ data "aws_iam_policy_document" "iam_self_management" {
"iam:UpdateServiceSpecificCredential"
]

resources = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}"]
resources = [
"arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}",
"arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"
]
}

statement {
Expand All @@ -124,8 +139,10 @@ data "aws_iam_policy_document" "iam_self_management" {
"iam:ResyncMFADevice"
]

resources = ["arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}"]

resources = [
"arn:${local.partition}:iam::${local.aws_account_id}:user/$${aws:username}",
"arn:${local.partition}:iam::${local.aws_account_id}:user/*/$${aws:username}"
]
}

statement {
Expand Down

0 comments on commit 9a8d5cb

Please sign in to comment.