AWS IAM User Login Profile
This page shows how to write Terraform and CloudFormation for IAM User Login Profile and write them securely.
aws_iam_user_login_profile (Terraform)
The User Login Profile in IAM can be configured in Terraform with the resource name aws_iam_user_login_profile. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_iam_user_login_profile" "terraform_user1" {
user = aws_iam_user.terraform_user1.name
pgp_key = "keybase:test"
}
resource "aws_iam_user_login_profile" "terraform_user2" {
resource "aws_iam_user_login_profile" "positive2" {
user = aws_iam_user.example.name
pgp_key = "keybase:some_person_that_exists"
password_reset_required = false
resource "aws_iam_user_login_profile" "gregory" {
user = aws_iam_user.gregory.name
pgp_key = local.iam_pgp_key
}
// Damien
resource "aws_iam_user_login_profile" "positive2" {
user = aws_iam_user.example.name
pgp_key = "keybase:some_person_that_exists"
password_reset_required = false
resource "aws_iam_user_login_profile" "Monitor1" {
user = "Monitor1"
pgp_key = "keybase:maximfloreagmail" #Keybase:example --example means the account name of the user with the pgp key
password_length = 10
}
resource "aws_iam_user_login_profile" "Monitor2" {
Parameters
-
encrypted_passwordoptional computed - string -
idoptional computed - string -
key_fingerprintoptional computed - string -
password_lengthoptional - number -
password_reset_requiredoptional - bool -
pgp_keyrequired - string -
userrequired - string
Explanation in Terraform Registry
Manages an IAM User Login Profile with limited support for password creation during Terraform resource creation. Uses PGP to encrypt the password for safe transport to the user. PGP keys can be obtained from Keybase. -> To reset an IAM User login password via Terraform, you can use the
terraform taintcommand or change any of the arguments.
Tips: Best Practices for The Other AWS IAM Resources
In addition to the aws_iam_account_password_policy, AWS IAM has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_iam_account_password_policy
Ensure AWS IAM account password policies requires long passwords
It's better to enforce the use of long and complex passwords to reduce the risk of bruteforce attacks.
AWS::IAM::User LoginProfile (CloudFormation)
The User LoginProfile in IAM can be configured in CloudFormation with the resource name AWS::IAM::User LoginProfile. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
Password
The user's password.
Required: Yes
Type: String
Update requires: No interruption
PasswordResetRequired
Specifies whether the user is required to set a new password on next sign-in.
Required: No
Type: Boolean
Update requires: No interruption
Explanation in CloudFormation Registry
Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console. For more information about managing passwords, see Managing Passwords in the IAM User Guide.
Frequently asked questions
What is AWS IAM User Login Profile?
AWS IAM User Login Profile is a resource for IAM of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS IAM User Login Profile?
For Terraform, the akshay0990/terraform-tasks, leonidweinbergcx/mykics and ARIG-Robotique/terraform-aws-env source code examples are useful. See the Terraform Example section for further details.
