Merge pull request #15 from confusdcodr/support-user

Add support user to address CIS Benchmarks

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.0.2
+current_version = 0.0.3
 commit = True
 message = Bumps version to {new_version}
 tag = False

CHANGELOG.md

@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+### 0.0.3
+
+**Commit Delta**: [Change from 0.0.2 release](https://github.com/plus3it/tardigrade/compare/0.0.2...0.0.3)
+
+**Released**: 2020.01.03
+
+**Summary**:
+
+*   Add AWSSupportAccess AWS Managed Policy to user
+
 ### 0.0.2
 
 **Commit Delta**: [Change from 0.0.1 release](https://github.com/plus3it/tardigrade/compare/0.0.1...0.0.2)

tardigrade/roots/aws/baseline/main.tf

@@ -76,10 +76,6 @@ locals {
   }
 }
 
-data "aws_caller_identity" "this" {}
-
-data "aws_availability_zones" "all" {}
-
 ##### KEYSTORE #####
 # Keys to be stored in the `keystore` and `keystore_ssm` modules
 locals {
@@ -198,12 +194,16 @@ locals {
 
   # setup users to be created
   users = [{
-    name = "alpha",
-    }, {
-    name = "beta",
+    name        = "support-user",
+    policy_arns = [data.aws_iam_policy.this.arn]
   }]
 }
 
+# get ARN for AWSSupportAccess AWS Managed policy
+data "aws_iam_policy" "this" {
+  arn = "arn:${data.aws_partition.this.partition}:iam::${data.aws_partition.this.partition}:policy/AWSSupportAccess"
+}
+
 module "iam_users" {
   source = "git::https://github.com/plus3it/terraform-aws-tardigrade-iam-principals.git?ref=3.0.0"
 
@@ -418,6 +418,13 @@ module "inspector" {
   tags             = local.tags
 }
 
+##### DATA SOURCES #####
+data "aws_caller_identity" "this" {}
+
+data "aws_partition" "this" {}
+
+data "aws_availability_zones" "all" {}
+
 ##### MANAGING DEFAULT RESOURCES #####
 ### DEFAULT VPC ###
 data "aws_vpc" "default" {