AWS IAM User Policy
This page shows how to write Terraform and CloudFormation for IAM User Policy and write them securely.
aws_iam_user_policy (Terraform)
The User Policy in IAM can be configured in Terraform with the resource name aws_iam_user_policy
. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_iam_user_policy" "nperevozchikov_EKS-FullAccess" {
name = "EKS-FullAccess"
policy = <<POLICY
{
"Statement": [
resource "aws_iam_user_policy" "nperevozchikov_EKS-FullAccess" {
name = "EKS-FullAccess"
policy = <<POLICY
{
"Statement": [
resource "aws_iam_user_policy" "rootUserNotContainMfaTypeVirtual" {
name = "test"
user = "root"
policy = <<EOF
{
resource "aws_iam_user_policy" "vpc_user_policy" {
name = "vpc-user-policy"
user = aws_iam_user.vpc.name
policy = <<EOF
{
resource "aws_iam_user_policy" "app_cognito" {
name = "cognito"
policy = data.aws_iam_policy_document.cognito.json
user = aws_iam_user.app.name
}
Parameters
-
id
optional computed - string -
name
optional computed - string -
name_prefix
optional - string -
policy
required - string -
user
required - string
Explanation in Terraform Registry
Provides an IAM policy attached to a user.
Tips: Best Practices for The Other AWS IAM Resources
In addition to the aws_iam_account_password_policy, AWS IAM has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_iam_account_password_policy
Ensure AWS IAM account password policies requires long passwords
It's better to enforce the use of long and complex passwords to reduce the risk of bruteforce attacks.
AWS::IAM::User (CloudFormation)
The User in IAM can be configured in CloudFormation with the resource name AWS::IAM::User
. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::IAM::User
Properties:
UserName: Charlotte1
LoginProfile:
Password: !Ref 'CloudspaceEngPassword'
TigerUser2:
Type: "AWS::IAM::User"
Properties:
Groups:
- DevUsers
- ProdUsers
- PrimeUsers
Type: "AWS::IAM::User"
Properties:
Groups:
- DevUsers
- ProdUsers
- PrimeUsers
Type: "AWS::IAM::User"
Properties:
Groups:
- DevUsers
- ProdUsers
- PrimeUsers
Type: "AWS::IAM::User"
Properties:
Groups:
- Devusers
- Produsers
- PrimeUsers
"Type" : "AWS::IAM::User",
"Properties" : {
"UserName" : "applicationadministrator",
"Path" : "/",
"Groups" : [
{ "Fn::ImportValue" : { "Fn::Sub" : "${CustomGroupsStackName}-ApplicationAdministratorsGroup" }}
"Type" : "AWS::IAM::User",
"Properties" : {
"UserName" : "applicationadministrator",
"Path" : "/",
"Groups" : [
{ "Fn::ImportValue" : { "Fn::Sub" : "${CustomGroupsStackName}-ApplicationAdministratorsGroup" }}
"Type": "AWS::IAM::User",
"Properties": {
"UserName": "Scout2User001",
"Groups": [
"BlockedUsers"
]
"Type": "AWS::IAM::User",
"Properties": {
"UserName": "TestUser1",
"Path": "/"
}
},
"Type" : "AWS::IAM::User",
"Properties" : {
"UserName" : "mcrawford",
"Path" : "/",
"Groups" : [{ "Fn::ImportValue" : { "Fn::Sub" : "${StandardGroupsStackName}-AdministratorsGroup" }}]
}
Parameters
-
Groups
optional - List -
LoginProfile
optional - LoginProfile -
ManagedPolicyArns
optional - List -
Path
optional - String -
PermissionsBoundary
optional - String -
Policies
optional - List of Policy -
Tags
optional - List of Tag -
UserName
optional - String
Explanation in CloudFormation Registry
Creates a new IAM user for your AWS account. For information about quotas for the number of IAM users you can create, see IAM and AWS STS quotas in the IAM User Guide.
Frequently asked questions
What is AWS IAM User Policy?
AWS IAM User Policy is a resource for IAM of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS IAM User Policy?
For Terraform, the mortyre/misc, mortyre/misc and storebot/pr_demo_flat source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the hortensehouendji/Tigers_CloudProject3, ServerlessOpsIO/infrastructure and ServerlessOpsIO/infrastructure source code examples are useful. See the CloudFormation Example section for further details.