
2.4.1 About AWS IAM Users


Now that the IAM roles and groups exist, let's create the users that will assume those roles through their group membership, completing the role-based access control we set out to implement.

👥 AWS IAM Users RBAC

  • We'll be creating human users that access the AWS infrastructure through the console and programmatically (CLI). These users will have MFA enforced.
  • No user is granted permission to create AWS access keys; keys are generated only through Terraform.

The following table shows the IAM roles that were created and which user is mapped to each of them.

User   | Roles
Goku   | AssumeRoleAdminWithMFAprod, AssumeRoleAdminWithMFAdev, AssumeRoleIAMAdminWithMFA
Vegeta | AssumeRoleDeveloperWithMFAprod, AssumeRoleDeveloperWithMFAdev

Configuring Users

  • All users are declared in global/users.auto.tfvars, as shown below. Each entry requires:
    • username
    • role
    • path to the user's public GPG key file
global/users.auto.tfvars
users = {
  goku = {
    username = "goku"
    role     = "admin"
    pgp_key  = "goku.pub"
  },
  vegeta = {
    username = "vegeta"
    role     = "developer"
    pgp_key  = "vegeta.pub"
  }
}
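As an added example (not code from the original page or from this project), here is one way the users map above can be consumed so that console passwords and access keys are only ever emitted PGP-encrypted, which is what makes "keys can only be generated via Terraform" safe in practice. The variable type, the resource names, the `local.role_groups` mapping from the `role` field to the IAM groups created earlier, and the assumption that each `.pub` file is a binary `gpg --export` are all assumptions of this example. The AWS provider's `pgp_key` argument expects a base64-encoded public key (or `keybase:username`), which `filebase64()` produces from a binary export; an ASCII-armored key will not be accepted.

```hcl
# Added example, not the project's own code. Consumes the `users` map from
# global/users.auto.tfvars. Group names below are assumptions: replace them
# with the groups created in the previous sections.

variable "users" {
  type = map(object({
    username = string
    role     = string
    pgp_key  = string
  }))
}

locals {
  # Assumed mapping from the `role` field to the groups that grant sts:AssumeRole.
  role_groups = {
    admin = [
      "AssumeRoleAdminWithMFAprod",
      "AssumeRoleAdminWithMFAdev",
      "AssumeRoleIAMAdminWithMFA",
    ]
    developer = [
      "AssumeRoleDeveloperWithMFAprod",
      "AssumeRoleDeveloperWithMFAdev",
    ]
  }
}

resource "aws_iam_user" "this" {
  for_each = var.users
  name     = each.value.username

  # Lets `terraform destroy` remove the login profile and access keys we create.
  force_destroy = true
}

resource "aws_iam_user_group_membership" "this" {
  for_each = var.users
  user     = aws_iam_user.this[each.key].name
  groups   = local.role_groups[each.value.role]
}

# Console password. Encrypting with the user's public key means the plaintext
# never appears in state or in `terraform output`.
resource "aws_iam_user_login_profile" "this" {
  for_each = var.users
  user     = aws_iam_user.this[each.key].name

  # Assumption: pgp_key points at a binary `gpg --export` relative to this module.
  pgp_key                 = filebase64("${path.module}/${each.value.pgp_key}")
  password_reset_required = true
}

# Programmatic credentials. The secret is only ever stored PGP-encrypted;
# users themselves have no iam:CreateAccessKey permission.
resource "aws_iam_access_key" "this" {
  for_each = var.users
  user     = aws_iam_user.this[each.key].name
  pgp_key  = filebase64("${path.module}/${each.value.pgp_key}")
}

output "encrypted_passwords" {
  value = { for k, v in aws_iam_user_login_profile.this : k => v.encrypted_password }
}

output "access_keys" {
  value = {
    for k, v in aws_iam_access_key.this : k => {
      id               = v.id
      encrypted_secret = v.encrypted_secret
    }
  }
}
```

Only the holder of the matching private key can recover a credential, for example `terraform output -json access_keys | jq -r '.goku.encrypted_secret' | base64 -d | gpg --decrypt`. The state file still holds the key ID and the ciphertext, so it should be stored in an encrypted, access-controlled backend, but a compromised state no longer yields usable secrets on its own.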