jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2026-04-21 00:01:59 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
03f6c650ca9e78fc0d80d430ca1ec2a52c262da4
opentf/website/source/docs/providers/aws/r/iam_user.html.markdown
Richard Henning 2a5e1d400d provider/aws: Remove IAM user's MFA devices with force_destroy #5908 (#10262) 
When `force_destroy` was specifed on an `aws_iam_user` resource, only IAM
access keys and the login profile were destroyed. If a multi-factor auth
device had been activated for that user, deletion would fail as follows:

```
* aws_iam_user.testuser1: Error deleting IAM User testuser1: DeleteConflict: Cannot delete entity, must delete MFA device first.
    status code: 409, request id: aa41b1b7-ac4d-11e6-bb3f-3b4c7a310c65
```

This commit iterates over any of the user's MFA devices and deactivates
them before deleting the user. It follows a pattern similar to that used
to remove users' IAM access keys before deletion.

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/20 17:09:00 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (5.70s)
=== RUN   TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (11.12s)
PASS
ok  	github.com/rhenning/terraform/builtin/providers/aws	20.840s
```
2016-11-21 10:17:27 +02:00

1.7 KiB
Raw Blame History

layout, page_title, sidebar_current, description
layout page_title sidebar_current description
aws AWS: aws_iam_user docs-aws-resource-iam-user Provides an IAM user.

aws_iam_user

Provides an IAM user.

Example Usage

resource "aws_iam_user" "lb" {
    name = "loadbalancer"
    path = "/system/"
}

resource "aws_iam_access_key" "lb" {
    user = "${aws_iam_user.lb.name}"
}

resource "aws_iam_user_policy" "lb_ro" {
    name = "test"
    user = "${aws_iam_user.lb.name}"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

Argument Reference

The following arguments are supported:

  • name - (Required) The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both "TESTUSER" and "testuser".
  • path - (Optional, default "/") Path in which to create the user.
  • force_destroy - (Optional, default false) When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed.

Attributes Reference

The following attributes are exported:

  • unique_id - The unique ID assigned by AWS.

  • arn - The ARN assigned by AWS for this user.

Import

IAM Users can be imported using the name, e.g.

$ terraform import aws_iam_user.lb loadbalancer
Reference in New Issue View Git Blame Copy Permalink