iam_pull.tf
# Pull User
# Static access key for the pull user; created only when
# local.create_pull_user is non-zero.
# NOTE(review): no pgp_key is set, so the provider records the secret access
# key in Terraform state in plaintext. Keep the state backend encrypted and
# restrict who can read it. The key is long-lived; nothing in this file
# rotates it.
resource "aws_iam_access_key" "pull" {
  count = local.create_pull_user

  user = aws_iam_user.pull[count.index].name
}
# IAM user for the pull role. It carries the caller-supplied tags plus a
# Name tag equal to the user name. Its permissions come only from the inline
# policy attached in aws_iam_user_policy.pull.
resource "aws_iam_user" "pull" {
  count = local.create_pull_user

  name = local.pull_iam_user_name
  tags = merge(var.tags, tomap({ Name = local.pull_iam_user_name }))
}
# Inline policy attached to the pull user. The policy JSON comes from the
# ecr_pull_user_policy document, which is defined outside this listing.
# NOTE(review): confirm that document grants only the read actions the pull
# user needs and is scoped to the intended repository.
resource "aws_iam_user_policy" "pull" {
  count = local.create_pull_user

  name = "${local.pull_iam_user_name}-ecr-policy"
  user = aws_iam_user.pull[count.index].name

  policy = data.aws_iam_policy_document.ecr_pull_user_policy.*.json[count.index]
}
# Secrets Manager container for the pull user's access key, named after the
# user.
# NOTE(review): kms_key_id is not set, so the secret is encrypted with the
# account's default aws/secretsmanager key, and no resource policy is
# attached here. Who can read the credentials is decided by IAM permissions
# on this secret; confirm they are limited to the intended consumers.
resource "aws_secretsmanager_secret" "pull" {
  count = local.create_pull_user

  name = local.pull_iam_user_name
  tags = merge(var.tags, tomap({ Name = local.pull_iam_user_name }))
}
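# Stores the pull user's access key id and secret access key in the secret
# as a JSON object with the keys "AccessKey" and "SecretKey".
# NOTE(review): secret_string is also kept in Terraform state, so the
# credentials exist in state as well as in Secrets Manager; protect the
# state backend accordingly.
resource "aws_secretsmanager_secret_version" "pull" {
  count = local.create_pull_user

  secret_id = aws_secretsmanager_secret.pull[count.index].id

  # jsonencode replaces the hand-escaped string so the value is always valid
  # JSON; key names and order are the same as before.
  secret_string = jsonencode({
    AccessKey = aws_iam_access_key.pull[count.index].id
    SecretKey = aws_iam_access_key.pull[count.index].secret
  })
}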