🔐 IAM – User, Policy & Attachment
📌 IAM User
# IAM user "lucy". Other resources refer to it as aws_iam_user.admin-user.
resource "aws_iam_user" "admin-user" {
  name = "lucy"

  tags = {
    Description = "Technical Team Leader"
  }
}
📌 IAM Policy
# Customer-managed IAM policy named "AdminUsers".
# Its single statement allows every action ("*") on every resource ("*"),
# so any identity it is attached to gets unrestricted access to the account.
# NOTE(review): the statement has no Condition element (for example an MFA
# requirement) — confirm an unconditional grant is intended, and keep the set
# of identities this policy is attached to as small as possible.
resource "aws_iam_policy" "adminUser" {
name = "AdminUsers"
# Policy document supplied as a JSON heredoc.
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
EOF
}
📌 Policy Attachment
# Attaches the AdminUsers policy directly to the user created by
# aws_iam_user.admin-user, so that user receives everything the policy allows.
# NOTE(review): this is a direct user attachment of an allow-all policy; any
# long-lived credential issued for this user carries the same rights. Confirm
# that a group or an assumable role is not the better home for this grant.
resource "aws_iam_user_policy_attachment" "lucy-admin-access" {
  policy_arn = aws_iam_policy.adminUser.arn
  user       = aws_iam_user.admin-user.name
}
🪣 S3 – Bucket, Object & Bucket Policy
📌 S3 Bucket
# S3 bucket tagged as holding finance and payroll data.
# The bucket name is spelled "finanace" in the source and is kept as written.
# NOTE(review): this listing shows no public-access-block, encryption or
# versioning configuration for the bucket — confirm they are defined elsewhere
# or that the account defaults are acceptable for payroll documents.
resource "aws_s3_bucket" "finance" {
  bucket = "finanace-21092020"

  tags = {
    Description = "Finance and Payroll"
  }
}
📌 Upload Object to S3
# Uploads the local file /root/finance/finance-2020.doc to the finance bucket
# under the object key "finance-2020.doc".
# NOTE(review): neither source_hash nor etag is set, so a change to the file's
# contents alone does not show up as a difference in a later plan.
resource "aws_s3_object" "finance-2020" {
  bucket = aws_s3_bucket.finance.id
  source = "/root/finance/finance-2020.doc"
  key    = "finance-2020.doc"
}
📌 IAM Group (Data Source)
# Reads the existing IAM group "finance-analysts". As a data source it only
# looks the group up; this configuration does not create or modify it.
data "aws_iam_group" "finance-data" {
  group_name = "finance-analysts"
}
📌 S3 Bucket Policy
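# Bucket policy that lets the members of the finance-analysts group act on the
# objects in the finance bucket.
#
# An IAM group is not a valid principal in a resource-based policy: S3 rejects
# a group ARN in "Principal" as an invalid principal. The statement therefore
# lists the ARNs of the group's member users, which the aws_iam_group data
# source exposes as `users`.
#
# Caveats:
#   - Membership is read when Terraform runs; after users join or leave the
#     group the policy only changes on the next apply.
#   - If the group has no members the principal list is empty and S3 rejects
#     the policy.
#   - An identity-based policy attached to the group itself is the
#     alternative when access must follow membership automatically.
#
# NOTE(review): "Action": "*" allows every S3 operation on the objects,
# deletion included. Narrow it to the operations the analysts need once
# those are known.
resource "aws_s3_bucket_policy" "finance-policy" {
  bucket = aws_s3_bucket.finance.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = "*"
        Resource = "arn:aws:s3:::${aws_s3_bucket.finance.id}/*"
        Principal = {
          # One ARN per current member of the group.
          AWS = data.aws_iam_group.finance-data.users[*].arn
        }
      }
    ]
  })
}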
🗄️ DynamoDB – Table & Item
📌 DynamoDB Table
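# DynamoDB table "cars" with on-demand (PAY_PER_REQUEST) billing.
# Items are keyed by the string attribute VIN.
resource "aws_dynamodb_table" "cars" {
  # aws_dynamodb_table takes the table's name in `name`; `table_name` is not
  # an argument of this resource and fails validation.
  name         = "cars"
  hash_key     = "VIN"
  billing_mode = "PAY_PER_REQUEST"

  # Only key attributes are declared here; VIN is a string ("S").
  attribute {
    name = "VIN"
    type = "S"
  }
}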
📌 DynamoDB Table Item
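# Inserts one item into the cars table. Each attribute is written in
# DynamoDB's typed JSON form: S for string, N for number (given as a string).
resource "aws_dynamodb_table_item" "car-items" {
  # The table resource exports its name as `name`; it has no `table_name`
  # attribute to reference.
  table_name = aws_dynamodb_table.cars.name
  hash_key   = aws_dynamodb_table.cars.hash_key

  item = jsonencode({
    Manufacturer = { S = "Toyota" }
    Make         = { S = "Corolla" }
    Year         = { N = "2004" }
    VIN          = { S = "4Y1SL65848Z411439" }
  })
}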