From 09d93a4c83c3c6a50fe907b5829df3e69711a580 Mon Sep 17 00:00:00 2001 From: Evair Marinho Date: Fri, 2 Apr 2021 22:48:59 -0300 Subject: [PATCH] Migration of learning repository files --- .gitignore | 30 ++++++++++++++ README.md | 71 ++++++++++++++++++++++++++++++++++ examples/with_new_groups.tf | 17 ++++++++ examples/without_new_groups.tf | 17 ++++++++ main.tf | 26 +++++++++++++ variables.tf | 38 ++++++++++++++++++ 6 files changed, 199 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 examples/with_new_groups.tf create mode 100644 examples/without_new_groups.tf create mode 100644 main.tf create mode 100644 variables.tf
diff --git a/.gitignore b/.gitignore new file mode 100644
index 0000000..4cc8829
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,30 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+# Terraform Lock HCL
+.terraform.lock.hcl
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+.terraform-docs.yml
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
diff --git a/README.md b/README.md new file mode 100644
index 0000000..66b2861
--- /dev/null
+++ b/README.md
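Review bot: The `# Terraform Lock HCL` / `.terraform.lock.hcl` entries exclude the dependency lock file from version control, which is the one file that pins provider versions and their checksums; without it every `terraform init` re-resolves providers, so the supply-chain pin this repo could have is thrown away. I would delete those two lines and commit `.terraform.lock.hcl`, keeping the `**/.terraform/*` and `*.tfstate` ignores as they are, since state can contain resource details that must not be pushed. If the lock file is deliberately left out for a cross-platform reason, a comment such as `# lock file intentionally untracked: regenerated per platform` would make that explicit.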
@@ -0,0 +1,71 @@
+# Introduction
+- This Terraform Stack create **IAM users** and optionally **IAM groups** dynamically in AWS cloud.
+## Permissions
+- Crate a policy with content below and attach in EC2 IAM Role or IAM User. These permissions are required to works correctly!
+
+```json
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "",
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateGroup",
+ "iam:AddUserToGroup",
+ "iam:RemoveUserFromGroup",
+ "iam:DeleteGroup",
+ "iam:ListGroupsForUser",
+ "iam:UpdateGroup",
+ "iam:DeleteUser",
+ "iam:GetUser",
+ "iam:CreateUser",
+ "iam:GetGroup"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
+```
+
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_group.groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group) | resource |
+| [aws_iam_user.users](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
+| [aws_iam_user_group_membership.user_to_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_group_membership) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [access\_key](#input\_access\_key) | AWS Access Key | `string` | n/a | yes |
+| [region](#input\_region) | Region where the resources will be created. | `string` | n/a | yes |
+| [secret\_key](#input\_secret\_key) | AWS Secret Access Key | `string` | n/a | yes |
+| [create\_groups](#input\_create\_groups) | Define if Terraform will create new\_groups based on variable groups. | `bool` | `true` | no |
+| [groups](#input\_groups) | List of group names for Terraform create, case create\_groups variable be true | `list(string)` | `[]` | no |
+| [users](#input\_users) | Map for Terraform create users. | `map(any)` |
{
"user1": {
"groups": [
"ADM",
"developers"
],
"name": "test",
"path": "/"
}
}
| no |
+
+
+### This Terraform documentation was generated by [terraform-docs](https://github.com/terraform-docs/terraform-docs).
+
+## Getting started
+```sh
+terraform init
+
+terraform plan
+
+terraform apply
+```
diff --git a/examples/with_new_groups.tf b/examples/with_new_groups.tf new file mode 100644
index 0000000..9c78609
--- /dev/null
+++ b/examples/with_new_groups.tf
@@ -0,0 +1,17 @@
+module "with_new_groups" {
+
+ source = "../../.."
+ region = "us-east-1"
+ access_key = ""
+ secret_key = ""
+ groups = ["developers"]
+ create_groups = true
+ users = {
+ "user1": {
+ name: "test_user"
+ groups: ["ADM", "developers"]
+ path: "/"
+ }
+ }
+
+}
diff --git a/examples/without_new_groups.tf b/examples/without_new_groups.tf new file mode 100644
index 0000000..527d20c
--- /dev/null
+++ b/examples/without_new_groups.tf
@@ -0,0 +1,17 @@
+
+module "without_new_groups" {
+
+ source = "../../.."
+ region = "us-east-1"
+ access_key = ""
+ secret_key = ""
+ create_groups = false
+ users = {
+ "user1": {
+ name: "test_user"
+ groups: ["Marketing","SysAdmins"]
+ path: "/"
+ }
+ }
+
+}
diff --git a/main.tf b/main.tf new file mode 100644
index 0000000..d7e6085
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,26 @@
+provider "aws" {
+ region = var.region
+ access_key = var.access_key
+ secret_key = var.secret_key
+}
+
+
+resource "aws_iam_group" "groups" {
+ for_each = var.create_groups ? toset(var.groups) : toset([])
+ name = each.value
+ path = "/"
+}
+
+resource "aws_iam_user" "users" {
+ for_each = var.users
+ name = each.value.name
+ path = try(each.value.path, "/")
+
+}
+
+resource "aws_iam_user_group_membership" "user_to_groups" {
+ for_each = var.users
+ user = each.value.name
+ groups = each.value.groups
+ depends_on = [aws_iam_user.users, aws_iam_group.groups]
+}
diff --git a/variables.tf b/variables.tf new file mode 100644
index 0000000..e3a6f3f
--- /dev/null
+++ b/variables.tf
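Review bot: The example hard-codes `access_key = ""` and `secret_key = ""` in a committed `.tf` file, which is exactly the place where real long-lived keys end up pasted and pushed; the example should drop both arguments and let the provider use its credential chain, with a comment such as `# credentials come from AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, a profile or an instance role - never literal keys here`. `source = "../../.."` resolves to two directories above the repository root when read from `examples/`; if the module root is the parent directory the intended value is `source = ".."`. Also, `groups: ["ADM", "developers"]` lists `ADM` while only `developers` is in `groups`, so the membership step presumably fails unless an `ADM` group already exists in the account — worth a comment either way.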
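Review bot: With `create_groups = false`, `groups: ["Marketing","SysAdmins"]` must already exist, and the example attaches `test_user` to whatever `SysAdmins` grants without saying so; a comment such as `# these groups must already exist; replace SysAdmins with a least-privilege group` would stop the placeholder from being copied as-is. The same empty `access_key = ""` / `secret_key = ""` placeholders appear here and invite committing real keys, so prefer omitting them in favour of the provider's credential chain. As in the other example, `source = "../../.."` looks wrong relative to `examples/`; `..` is the likely intent.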
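Review bot: `aws_iam_user_group_membership.user_to_groups` binds by bare name (`user = each.value.name`, `groups = each.value.groups`) and only orders itself through `depends_on`, so nothing ties a membership to the user resource Terraform just created, and any group name listed under `users[*].groups` is attached even when it is not in `var.groups` — including pre-existing privileged groups. Using `user = aws_iam_user.users[each.key].name` gives a real dependency and lets `depends_on` shrink to `[aws_iam_group.groups]`; a comment noting that groups outside `var.groups` are assumed to pre-exist would make the privilege implication explicit. The `provider "aws"` block also takes static `access_key`/`secret_key`; both are optional on the provider, so leaving them unset lets environment variables, a profile or an instance role supply credentials and keeps long-lived keys out of tfvars and CI logs.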
@@ -0,0 +1,38 @@
+variable "region" {
+ type = string
+ description = "Region where the resources will be created."
+}
+
+variable "groups" {
+ type = list(string)
+ default = []
+ description = "List of group names for Terraform create, case create_groups variable be true"
+}
+
+variable "users" {
+ type = map(any)
+ default = {
+ "user1" : {
+ name : "test"
+ groups : ["ADM", "developers"]
+ path : "/"
+ }
+ }
+ description = "Map for Terraform create users."
+
+}
+
+variable "create_groups" {
+ type = bool
+ default = true
+ description = "Define if Terraform will create new_groups based on variable groups."
+}
+
+variable "access_key" {
+ type = string
+ description = "AWS Access Key"
+}
+variable "secret_key" {
+ type = string
+ description = "AWS Secret Access Key"
+}
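Review bot: `access_key` and `secret_key` carry long-lived AWS credentials but are declared as plain `string` variables, so their values are echoed unredacted in plan and console output; each should carry `sensitive = true` (available from Terraform 0.14). The default for `users` is not empty — it creates a real IAM user named `test` in the `ADM` and `developers` groups on any apply that does not override it, which is a surprising side effect for a module default; `default = {}` is the safer choice. `map(any)` also lets the `users` shape drift silently, so a typed `map(object({ name = string, groups = list(string), path = string }))` would reject malformed input at plan time, though `path` being optional via `try()` in main.tf means that needs `optional(string, "/")` and therefore a Terraform version that supports it — confirm before tightening.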