Merge pull request #1 from clouddrove/TF-8
update module with policy arn
anmolnagpal authored Jan 29, 2020
2 parents bac359e + b96abe8 commit 5dbe960
Showing 4 changed files with 41 additions and 26 deletions.
47 changes: 24 additions & 23 deletions README.md
Expand Up @@ -7,7 +7,7 @@
Terraform AWS Iam User
</h1>

<p align="center" style="font-size: 1.2rem;">
<p align="center" style="font-size: 1.2rem;">
Terraform module to create Iam user resource on AWS.
</p>

Expand Down Expand Up @@ -38,7 +38,7 @@
<hr>


We eat, drink, sleep and most importantly love **DevOps**. We are working towards stratergies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy <b>Bigger problems are always solved by breaking them into smaller manageable problems</b>. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller <b>connected yet manageable pieces</b> within the infrastructure.
We eat, drink, sleep and most importantly love **DevOps**. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy <b>Bigger problems are always solved by breaking them into smaller manageable problems</b>. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller <b>connected yet manageable pieces</b> within the infrastructure.

This module is basically combination of [Terraform open source](https://www.terraform.io/) and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.

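Review bot: the spelling fix is fine, but the same paragraph still reads "We are strong believer of the philosophy" (should be "strong believers in"), and the unchanged context line below it has "automatation" for "automation"; worth correcting both while this text is being edited.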
Expand All @@ -49,7 +49,7 @@ We have [*fifty plus terraform modules*][terraform_modules]. A few of them are c

## Prerequisites

This module has a few dependencies:
This module has a few dependencies:

- [Terraform 0.12](https://learn.hashicorp.com/terraform/getting-started/install.html)
- [Go](https://golang.org/doc/install)
Expand Down Expand Up @@ -101,36 +101,37 @@ Here is an example of how you can use this module in your inventory structure:

| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| application | Application (e.g. `cd` or `clouddrove`). | string | `` | no |
| attributes | Additional attributes (e.g. `1`). | list | `<list>` | no |
| delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | string | `-` | no |
| enabled | Whether to create Iam user. | bool | `true` | no |
| environment | Environment (e.g. `prod`, `dev`, `staging`). | string | `` | no |
| force_destroy | When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed. | bool | `false` | no |
| label_order | Label order, e.g. `name`,`application`. | list | `<list>` | no |
| name | Name (e.g. `app` or `cluster`). | string | `` | no |
| path | The path to the role. | string | `/` | no |
| permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the role. | string | `` | no |
| pgp_key | Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists. | string | `` | no |
| policy | The policy document. | string | `` | no |
| policy_enabled | Whether to Attach Iam policy with user. | bool | `false` | no |
| status | The access key status to apply. Defaults to Active. Valid values are Active and Inactive. | string | `Active` | no |
| tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | map | `<map>` | no |
| application | Application \(e.g. `cd` or `clouddrove`\). | string | `""` | no |
| attributes | Additional attributes \(e.g. `1`\). | list | `<list>` | no |
| delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | string | `"-"` | no |
| enabled | Whether to create Iam user. | bool | `"true"` | no |
| environment | Environment \(e.g. `prod`, `dev`, `staging`\). | string | `""` | no |
| force\_destroy | When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force\_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed. | bool | `"false"` | no |
| label\_order | Label order, e.g. `name`,`application`. | list | `<list>` | no |
| name | Name \(e.g. `app` or `cluster`\). | string | `""` | no |
| path | The path to the role. | string | `"/"` | no |
| permissions\_boundary | The ARN of the policy that is used to set the permissions boundary for the role. | string | `""` | no |
| pgp\_key | Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some\_person\_that\_exists. | string | `""` | no |
| policy | The policy document. | string | `""` | no |
| policy\_arn | The ARN of the policy you want to apply. | string | `""` | no |
| policy\_enabled | Whether to Attach Iam policy with user. | bool | `"false"` | no |
| status | The access key status to apply. Defaults to Active. Valid values are Active and Inactive. | string | `"Active"` | no |
| tags | Additional tags \(e.g. map\(`BusinessUnit`,`XYZ`\). | map | `<map>` | no |

## Outputs

| Name | Description |
|------|-------------|
| arn | The ARN assigned by AWS for this user. |
| key_id | The access key ID. |
| secret | The secret access key. Note that this will be written to the state file. Please supply a pgp_key instead, which will prevent the secret from being stored in plain text. |
| key\_id | The access key ID. |
| secret | The secret access key. Note that this will be written to the state file. Please supply a pgp\_key instead, which will prevent the secret from being stored in plain text. |
| tags | A mapping of tags to assign to the resource. |




## Testing
In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system.
In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system.

You need to run the following command in the testing folder:
```hcl
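Review bot: the new `policy_arn` row only says "The ARN of the policy you want to apply", but the main.tf change in this same commit makes `policy` and `policy_arn` mutually exclusive (when `policy_arn` is non-empty the inline `policy` is silently ignored) and both still require `policy_enabled = true`; state that in the description, e.g. "ARN of an existing managed policy to attach; when set, `policy` is ignored. Requires `policy_enabled`." Two smaller points in the same table: `path` and `permissions_boundary` still describe "the role" although this module creates a user, and the regenerated defaults for the `bool` inputs now render as the strings `"true"`/`"false"`, which readers may copy literally into a variable typed `bool`.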
Expand All @@ -139,7 +140,7 @@ You need to run the following command in the testing folder:



## Feedback
## Feedback
If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-iam-user/issues), or feel free to drop us an email at [[email protected]](mailto:[email protected]).

If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/terraform-aws-iam-user)!
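Review bot: "accross" in the issue-tracker sentence is still misspelled ("across"); since this hunk only touches the whitespace around the Feedback heading, it is the right place to fix it.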
Expand All @@ -157,4 +158,4 @@ At [CloudDrove][website], we offer expert guidance, implementation support and s
[linkedin]: https://cpco.io/linkedin
[twitter]: https://twitter.com/clouddrove/
[email]: https://clouddrove.com/contact-us.html
[terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language=
[terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language=
2 changes: 1 addition & 1 deletion _example/example.tf
Expand Up @@ -3,7 +3,7 @@ provider "aws" {
}

module "iam-user" {
source = "git::https://github.com/clouddrove/terraform-aws-iam-user.git?ref=tags/0.12.0"
source = "../"

name = "iam-user"
application = "clouddrove"
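Review bot: switching `source` from the `tags/0.12.0` ref to `"../"` makes the example exercise the working tree, which is what the terratest run needs in order to pick up the new `policy_arn` input, but it also removes the only version pin a user would copy from this example. Consider keeping a tagged `source` in the README usage snippet and tagging a release that includes `policy_arn` once this merges, since `tags/0.12.0` predates it.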
10 changes: 9 additions & 1 deletion main.tf
Expand Up @@ -33,9 +33,17 @@ resource "aws_iam_access_key" "default" {
}

resource "aws_iam_user_policy" "default" {
count = var.enabled && var.policy_enabled ? 1 : 0
count = var.enabled && var.policy_enabled && var.policy_arn == "" ? 1 : 0
name = format("%s-policy", module.labels.id)
user = aws_iam_user.default.*.name[0]

policy = var.policy
}

resource "aws_iam_policy_attachment" "default" {
count = var.enabled && var.policy_enabled && var.policy_arn != "" ? 1 : 0
name = format("%s-policy", module.labels.id)
users = [aws_iam_user.default.*.name[0]]

policy_arn = var.policy_arn
}
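Review bot: `aws_iam_policy_attachment` is the exclusive attachment resource: Terraform treats it as the single source of truth for every user, group and role attached to `var.policy_arn`, so on apply it detaches that managed policy from any principal not listed in `users`. Pointing it at a shared or AWS-managed policy ARN will therefore strip the policy from unrelated principals in the account. For attaching an existing policy to this one user, `aws_iam_user_policy_attachment` with `user = aws_iam_user.default.*.name[0]` and `policy_arn = var.policy_arn` is the safe choice and needs no `name`. Separately, when both `policy` and `policy_arn` are set, the `var.policy_arn == ""` guard silently drops the inline document; documenting that precedence in the variable description (or failing fast) would avoid surprises.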
8 changes: 7 additions & 1 deletion variables.tf
Expand Up @@ -89,4 +89,10 @@ variable "policy_enabled" {
type = bool
default = false
description = "Whether to Attach Iam policy with user."
}
}

variable "policy_arn" {
type = string
default = ""
description = "The ARN of the policy you want to apply."
}
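Review bot: the description "The ARN of the policy you want to apply." does not tell the caller that this input is only honoured when `policy_enabled = true`, nor that it takes precedence over `policy` (main.tf selects one resource or the other on `policy_arn == ""`). Suggest `description = "ARN of an existing IAM policy to attach to the user; when set, the inline policy input is ignored. Requires policy_enabled."`.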
