上QQ阅读APP看书,第一时间看更新
Security Token Service
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users. We'll see why this is a great feature when we cover least privilege security in Chapter 4, Security - Ensuring the Integrity of Your Systems.
Speaking of least privilege, you really shouldn't be using your root user for AWS console access. Let's create a new user. Then go back and see whether you can recreate your environment with the new user.
Create a file named user.tf and add the following:
resource "aws_iam_user" "cloudpatterns" {
name = "loadbalancer"
}
resource "aws_iam_group" "group" {
name = "cloudpatterngroup"
}
resource "aws_iam_group_membership" "admin" {
name = "tf-admin-group-membership"
users = [
"${aws_iam_user.cloudpatterns.name}",
]
group = "${aws_iam_group.group.name}"
}
resource "aws_iam_group_policy_attachment" "test-attach" {
group = "${aws_iam_group.group.name}"
policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}
Save it, then run the following:
terraform plan
terraform apply -target=aws_iam_user.cloudpatterns
You should see your new user in the IAM console.