Create an IAM User on AWS using Terraform

In this article, we will see how to create an IAM User with Terraform. Before proceeding, I assume that you are familiar with the basics of Terraform and AWS IAM Users; if you want to learn more about IAM Users, see the AWS IAM documentation. We will create a user and assign it administrator permissions.

Pre-requisites

  1. Basic understanding of Terraform.
  2. Terraform is installed on your system.
  3. AWS Account (Create if you don’t have one).
  4. 'access_key' & 'secret_key' of an AWS IAM User (these are created in the AWS Console for the IAM user that Terraform will run as).

What we will do

  1. Write Terraform configuration files for creating an IAM User.
  2. Create an IAM User using the Terraform configuration files.
  3. Delete the created IAM User using Terraform.

Write Terraform configuration files for IAM User

Create a dedicated directory where you can create terraform configuration files.

Use the following command to create a directory and change your present working directory to it.

mkdir terraform
cd terraform/

I am using "vim" as an editor to write the files. You can use an editor of your choice and copy and paste the following configurations to create variables.tf, terraform.tfvars and main.tf.

Create 'main.tf', which is responsible for creating an IAM User on AWS. This main.tf reads the values of its variables from variables.tf and terraform.tfvars.

vim main.tf

# Provider configuration: credentials and region come from the variables
# declared in variables.tf and assigned in terraform.tfvars.
provider "aws" {
  region     = var.region
  access_key = var.access_key
  secret_key = var.secret_key
}

# The IAM user itself.
resource "aws_iam_user" "user" {
  name = var.name
}

# Attaches the managed policy named in var.policy_arns to the user above.
resource "aws_iam_user_policy_attachment" "attach-user" {
  user       = aws_iam_user.user.name
  policy_arn = var.policy_arns
}

Meaning of the arguments used in the above configuration:

  • user - The user the policy should be applied to
  • policy_arn - The ARN of the policy you want to apply

The above configuration will create a user and attach a policy to it.

Create 'variables.tf', which contains the declaration and definition of the variables.

Here, the "name" variable holds the IAM user name that will be assigned to the user we create.

The "policy_arns" variable holds the ARN of the policy that we need to attach to the User we will be creating. Here I have assigned the ARN of the policy which provides Administrator Access to the user we create.

vim variables.tf

# Credentials and region are declared here and assigned in terraform.tfvars.
variable "access_key" {
  type        = string
  description = "Access key to AWS console"
}
variable "secret_key" {
  type        = string
  description = "Secret key to AWS console"
}
variable "region" {
  type        = string
  description = "Region of AWS VPC"
}

# Name of the IAM user to create.
variable "name" {
  default     = "myadmin"
  type        = string
  description = "The name of the user"
}

# Managed policy attached to the user; AdministratorAccess grants full access.
variable "policy_arns" {
  default     = "arn:aws:iam::aws:policy/AdministratorAccess"
  type        = string
  description = "ARN of policy to be associated with the created IAM user"
}

Once you have created 'variables.tf', do not forget to change the values assigned to the variables. You must change the values that are specific to my environment, such as the default user name; you can keep the rest of the variables as they are. If you do not want to assign admin access to the user you are creating, change the default to the Policy ARN of the policy of your choice.

Create 'terraform.tfvars', which assigns values to the access_key and secret_key variables declared in the file above. We have kept the values of these 2 variables in the 'terraform.tfvars' file along with 'region'.

For creating an IAM User we do not specifically need a particular region, since IAM is a global service. I have just kept this variable here so that you can see how the region variable works and reuse it in your other resource creation files.

The following keys need to be replaced with the keys of the IAM user you use to create resources on AWS. Before specifying these keys, you need to create them from the AWS Console. Do not share these keys with anyone, and do not commit terraform.tfvars to version control, since it contains them in plain text.

vim terraform.tfvars

region     = "eu-west-3"
# Placeholder values: replace them with the access key pair of your own IAM user.
access_key = "AKIA_EXAMPLE_REPLACE_ME"
secret_key = "EXAMPLE_SECRET_KEY_REPLACE_ME"

Now you should have 3 files: variables.tf, terraform.tfvars and main.tf.
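As an added example that is not part of the article, here is the same user creation written so that no credentials appear in any Terraform file: the provider picks them up from the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables (or a shared credentials profile), and policy_arns becomes a set so more than one managed policy can be attached. The provider version constraint and the ReadOnlyAccess suggestion are my choices, not the article's.

```hcl
# Added example, not the article's own files: the same user creation with
# the credentials taken out of the configuration. The AWS provider reads
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY (or a shared credentials
# profile) from the environment, so no secret ends up in a .tf or .tfvars file.
terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
provider "aws" {
  region = var.region
}

variable "region" {
  type        = string
  description = "AWS region; IAM is global, this only selects the API endpoint"
  default     = "eu-west-3"
}

variable "name" {
  type        = string
  description = "Name of the IAM user to create"
  default     = "myadmin"
}

# A set instead of a single string so several policies can be attached. The
# default keeps the article's AdministratorAccess; a narrower managed policy
# such as arn:aws:iam::aws:policy/ReadOnlyAccess is preferable where it suffices.
variable "policy_arns" {
  type        = set(string)
  description = "Managed policy ARNs to attach to the user"
  default     = ["arn:aws:iam::aws:policy/AdministratorAccess"]
}

resource "aws_iam_user" "user" {
  name = var.name
}
# One attachment per ARN, keyed by the ARN, so changing the set only adds or
# removes the affected attachment instead of recreating all of them.
resource "aws_iam_user_policy_attachment" "attach_user" {
  for_each   = var.policy_arns
  user       = aws_iam_user.user.name
  policy_arn = each.value
}
```

Export the two environment variables in your shell and run the same terraform init, plan and apply sequence; terraform.tfvars is then no longer needed for credentials.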

Create an IAM User using the Terraform configuration files

Before you execute the following commands, make sure you have configured a valid access_key and secret_key.

The first command to be used is 'terraform init'. This command downloads and installs the plugins for the providers used within the configuration; in our case that is AWS.

terraform init

The second command to be used is 'terraform plan'. This command shows the changes that will be made to the infrastructure without applying them.

terraform plan

The 'terraform apply' command will create on AWS the resources described in the main.tf file. You will be prompted to confirm before the resources are created.

terraform apply

When the above command completes successfully, the summary shows how many resources have been added and that 0 have been destroyed.

You can go to the IAM console under Users to verify that the IAM User has been created.

Note: Once you have created the user, assign a console password to it from the AWS Console using the root user.

Delete the created IAM User using Terraform

If you no longer require the resources you created using the configuration in the main.tf file, you can use the "terraform destroy" command to delete all of them.

terraform destroy

Conclusion

In this article we saw the steps to create an IAM User with administrator privileges. We also saw how the IAM User can be deleted with a single command.
