github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/iam/AVD-AWS-0143/Terraform.md

Grant policies at the group level instead.

```hcl
# Group that carries the permissions. Users get access only by being members,
# so reviewing or revoking access happens in one place.
resource "aws_iam_group" "developers" {
  name = "developers"
  path = "/users/"
}

# The user itself has no policy in this example: no user-level inline policy
# or policy attachment is declared for it anywhere in the snippet.
resource "aws_iam_user" "jim" {
  name = "jim"
}

# Places the user in the group. Per the AWS provider documentation this
# resource manages the group's complete member list exclusively; to add single
# users without owning the whole list, aws_iam_user_group_membership is the
# non-exclusive alternative.
resource "aws_iam_group_membership" "devteam" {
  name = "developers-team"

  users = [
    aws_iam_user.jim.name,
  ]

  group = aws_iam_group.developers.name
}

# Inline policy bound to the group, not to a user.
# The single statement allows the EC2 Describe* actions on every resource.
# NOTE(review): "test" looks like a placeholder policy name; pick a descriptive
# one when adapting this. Keep Action and Resource as narrow as the workload
# allows when granting anything beyond the Describe* calls shown here.
resource "aws_iam_group_policy" "ec2policy" {
  name  = "test"
  group = aws_iam_group.developers.name

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

```

#### Remediation Links
 - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user
