在禁用 IAM 控制台访问的情况下创建的 Terraform 预置 IAM 用户 [英] Terraform provisioned IAM user created with IAM Console access disabled

问题描述

我在 Terraform 配置中通过 keybase.io PGP 生成凭据.我可以确认新用户通过 aws-cli 访问成功.

I'm generating credentials via keybase.io PGP in my Terraform config. I can confirm access via aws-cli is successful for the new user.

但是，控制台访问仍然被禁用.有没有办法在启用控制台访问的情况下使用 Terraform 创建用户?

However, Console access remains disabled. Is there a way to create a user with Terraform with the console access enabled?

我很欣赏这对于 Terraform 来说有点反模式，但我希望我的新用户能够登录到控制台 UI 以进行验证/调试.

I appreciate that's a bit of an anti-pattern for Terraform, but I'd like my new user to be able to log in to the Console UI to validate/debug.

更新 1

地形模块:

https://registry.terraform.io/modules/terraform-aws-modules/iam/aws/0.0.4

https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/modules/iam-user

user.tf:

module "user" {
  source = "terraform-aws-modules/iam/aws//modules/iam-user"
  name = "user"
  pgp_key = "keybase:foo"
}

推荐答案

您需要使用 aws_iam_user_login_profile 启用控制台登录.可以在这里找到有关此的 Terraform 文档.您也可以参考 this stackoverflow 问题.

You need to enable console login using aws_iam_user_login_profile. Terraform documentation for this can be found here. You can also refer this stackoverflow question.

这篇关于在禁用 IAM 控制台访问的情况下创建的 Terraform 预置 IAM 用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！