Security As Code— Secure AWS Access Using Terraform Managed IAM Groups/Users

AWS IAM stands for “Identity and Access Management”, it is a AWS web service that helps you securely control access to your AWS resources. When you first create an AWS account, you begin the root user and is accessed by signing in with the email address and password that you used to create the account. I strongly recommend you do not use root user for your AWS tasks. Instead, you should use IAM Groups to define different type/category of access, and assign IAM users to each different groups.

Like any other groups, IAM Group is just a collection of users. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. It is important for you to create different groups for your organization, to best secure and manage your AWS resources.

Created by HashiCorp, Terraform allows you to use Infrastructure as Code to provision and manage any cloud, infrastructure, or services. In this blog, I will show you how to use Terraform to create a IAM Group and two IAM Users , to control your application developers’ access to AWS resources.

Background

You have an application called “testapp”, it runs on EC2 instance and has data stored in AWS s3 buckets. As the app owner, you only want to grant developer accesses to the EC2 instance and s3 bucket.

  • Create iam_policy.tf file
  • Create variables.tf file, which defines all the variables
  • Create iam_groups.tf file, which defines the group and users

Test and Run

  • Initialize the terraform working directory
  • Rewrite all configuration files to a canonical format and style
  • Validate the syntax
  • Actual deploy

You can see once deployed, you will have a “TestappDeveloper” group in your AWS IAM and two users created and assigned to this group.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store