March 30, 2022 06:34 am GMT

Chapter 3: IAM User Group

In the previous chapter we covered the IAM User. Now we move on to the IAM User Group. An IAM User Group consists of two or more IAM users as members, never other groups (groups cannot be nested). It makes it easier to manage the same permissions for multiple users at the group level, and it is the best practice for managing authorization (policies) for IAM Users.

For IAM User Groups, we use the community.aws.iam_group module.

1. Create a group with existing users as members.
A variable to add to the inventory:

      group_new_members:
        - { name: "{{ group1 }}", members: ["{{ user1 }}","{{ user2 }}"] }

Task:
(Note: you can remove the users parameter if you want to create the group only, without adding users as members.)

    - name: create group and add existing users as members
      community.aws.iam_group:
        name: "{{ item.name }}"
        state: present
        users: "{{ item.members }}"
      loop: "{{ group_new_members }}"
      tags:
        - iam_group_new_members

Run the playbook:

$ ansible-playbook -i host.yml iam.yml -t iam_group_new_members

PLAY [iam] *************************************************************************

TASK [create group and add existing users as members] ******************************
changed: [localhost] => (item={'name': 'developer', 'members': ['nurul', 'rama']})

Let's check whether the group was created with the users in it:

$ aws iam get-group --group-name developer | grep UserName
            "UserName": "nurul",
            "UserName": "rama",

2. Create a group and attach a managed policy.
As mentioned before, managing permissions (policies) at the group level is one of the best practices for IAM Users. With Ansible we can do that as well.
A variable to add to the inventory:

      group_new_policy:
        - { name: "{{ group2 }}", policy: arn:aws:iam::aws:policy/IAMReadOnlyAccess }

Task:

    - name: create group + attach managed policy
      community.aws.iam_group:
        name: "{{ item.name }}"
        managed_policies: "{{ item.policy }}"
        state: present
      loop: "{{ group_new_policy }}"
      tags:
        - iam_group_new_policy

Run the playbook:

$ ansible-playbook -i host.yml iam.yml -t iam_group_new_policy

PLAY [iam] *************************************************************************

TASK [create group + attach managed policy] ****************************************
changed: [localhost] => (item={'name': 'programmer', 'policy': 'arn:aws:iam::aws:policy/IAMReadOnlyAccess'})

3. Create a group with existing users as members and attach a managed policy.
The first task creates a group and adds users; the second does something different, replacing the adding of users with attaching a managed policy. Each task ran separately, but what if we need both at once? We can do that. Here's how:

Add the variable below to the inventory:

      group_new_policy_members:
        - { name: "{{ group3 }}", policy: arn:aws:iam::aws:policy/IAMReadOnlyAccess, members: ["{{ user1 }}","{{ user2 }}"] }

Task:

    - name: create group with users as members + attach managed policy
      community.aws.iam_group:
        name: "{{ item.name }}"
        managed_policies: "{{ item.policy }}"
        users: "{{ item.members }}"
        state: present
      loop: "{{ group_new_policy_members }}"
      tags:
        - iam_group_new_policy_members

Run the playbook:

$ ansible-playbook -i host.yml iam.yml -t iam_group_new_policy_members

PLAY [iam] *************************************************************************

TASK [create group with users as members + attach managed policy] ******************
changed: [localhost] => (item={'name': 'engineer', 'policy': 'arn:aws:iam::aws:policy/IAMReadOnlyAccess', 'members': ['nurul', 'rama']})

$ aws iam get-group --group-name engineer | grep UserName
            "UserName": "nurul",
            "UserName": "rama",

Please note that the tasks above are not only about creating groups. You can use them to manage existing groups as well. For example, if you want to add existing users as members of an existing group, you can use the first task above.
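Because the tasks above only add what the inventory lists, a group can accumulate members or policies that the inventory never declared. The following check, added here as an example and not part of the original post, compares an inventory entry (in the shape of group_new_policy_members) with the JSON that `aws iam get-group` and `aws iam list-attached-group-policies` return, and reports the drift. The API output embedded below is constructed sample data, and the AWS account id in it is a placeholder.

```python
"""Report drift between an inventory-declared IAM group and its live state."""
import json

# Desired state, mirroring the group_new_policy_members inventory variable.
DESIRED = [
    {"name": "engineer",
     "policy": "arn:aws:iam::aws:policy/IAMReadOnlyAccess",
     "members": ["nurul", "rama"]},
]

# Constructed sample of `aws iam get-group --group-name engineer`
# (trimmed to the fields used here; account id is a placeholder).
GET_GROUP = json.loads("""{
  "Group": {"GroupName": "engineer",
            "Arn": "arn:aws:iam::111122223333:group/engineer"},
  "Users": [{"UserName": "nurul"}, {"UserName": "rama"},
            {"UserName": "contractor"}]
}""")

# Constructed sample of `aws iam list-attached-group-policies --group-name engineer`.
ATTACHED = json.loads("""{
  "AttachedPolicies": [
    {"PolicyName": "AdministratorAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}
  ]
}""")


def diff_group(desired, get_group, attached):
    """Return members/policies missing from or unexpected in the live group."""
    actual_members = {u["UserName"] for u in get_group.get("Users", [])}
    actual_policies = {p["PolicyArn"] for p in attached.get("AttachedPolicies", [])}
    want_members = set(desired.get("members", []))
    # The inventory passes a single ARN string; accept a list as well.
    policy = desired.get("policy", [])
    want_policies = {policy} if isinstance(policy, str) else set(policy)
    return {
        "missing_members": sorted(want_members - actual_members),
        "extra_members": sorted(actual_members - want_members),
        "missing_policies": sorted(want_policies - actual_policies),
        "extra_policies": sorted(actual_policies - want_policies),
    }


def check_all(desired=DESIRED, get_group=GET_GROUP, attached=ATTACHED):
    """Map each declared group name to its drift report."""
    return {d["name"]: diff_group(d, get_group, attached) for d in desired}


if __name__ == "__main__":
    print(json.dumps(check_all(), indent=2))
```

In the constructed sample the group has an undeclared member and an undeclared AdministratorAccess policy while the declared IAMReadOnlyAccess policy is absent, which is exactly the kind of finding worth alerting on.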

That's it for Chapter 3. We'll continue with IAM Roles in Chapter 4.


Original Link: https://dev.to/nurulramadhona/chapter-3-iam-user-group-432o
