feat: remove AWS user (#20)

* fix: remove interpollation only expressions * feat: make aws tf user optional * feat: create aws tf user by default * feat: remove aws user alltogether * fix: keep the google svc account
ouzi-dev · Feb 17, 2020 · 9649558 · 9649558
1 parent e1c8ac1
commit 9649558
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 37 deletions.
diff --git a/main.tf b/main.tf
@@ -162,35 +162,41 @@ resource "google_service_account_key" "prow_terraform" {
   service_account_id = google_service_account.prow_terraform.name
 }
 
-### AWS Service Account for terraform 
-resource "aws_iam_user" "prow_terraform" {
-  name = "tf_aws_service_account_${local.infra_id}"
-  tags = local.tags
-}
-
-### AWS Service Account access key
-resource "aws_iam_access_key" "prow_terraform" {
-  user = "${aws_iam_user.prow_terraform.name}"
-}
-
-### AWS Service Account IAM policy
-resource "aws_iam_user_policy" "prow_terraform" {
-  name = "tf_aws_service_account_${local.infra_id}"
-  user = "${aws_iam_user.prow_terraform.name}"
-
-  policy = <<EOF
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Action": "*",
-            "Resource": "*"
-        }
-    ]
-}
-EOF
-}
+# Removing the AWS user management - this is not directly related to this module 
+# and it cleaner without it
+#
+# ### AWS Service Account for terraform 
+# resource "aws_iam_user" "prow_terraform" {
+#   count = var.create_aws_terraform_user == true ? 1 : 0
+#   name = "tf_aws_service_account_${local.infra_id}"
+#   tags = local.tags
+# }
+
+# ### AWS Service Account access key
+# resource "aws_iam_access_key" "prow_terraform" {
+#   count = var.create_aws_terraform_user == true ? 1 : 0
+#   user = aws_iam_user.prow_terraform[count.index].name
+# }
+
+# ### AWS Service Account IAM policy
+# resource "aws_iam_user_policy" "prow_terraform" {
+#   count = var.create_aws_terraform_user == true ? 1 : 0
+#   name = "tf_aws_service_account_${local.infra_id}"
+#   user = aws_iam_user.prow_terraform[count.index].name
+
+#   policy = <<EOF
+# {
+#     "Version": "2012-10-17",
+#     "Statement": [
+#         {
+#             "Effect": "Allow",
+#             "Action": "*",
+#             "Resource": "*"
+#         }
+#     ]
+# }
+# EOF
+# }
 
 ### DNS Zone for the Base Domain we are using
 resource "google_dns_managed_zone" "cluster_zone" {

diff --git a/outputs.tf b/outputs.tf
@@ -16,15 +16,15 @@ output "prow_terraform_gcloud_svc_account_key" {
   sensitive = true
 }
 
-output "prow_terraform_aws_svc_account_access_key_id" {
-  value     = aws_iam_access_key.prow_terraform.id
-  sensitive = true
-}
+# output "prow_terraform_aws_svc_account_access_key_id" {
+#   value     = aws_iam_access_key.prow_terraform[*].id
+#   sensitive = true
+# }
 
-output "prow_terraform_aws_svc_account_secret_access_key" {
-  value     = aws_iam_access_key.prow_terraform.secret
-  sensitive = true
-}
+# output "prow_terraform_aws_svc_account_secret_access_key" {
+#   value     = aws_iam_access_key.prow_terraform[*].secret
+#   sensitive = true
+# }
 
 output "prow_artefacts_bucket_name" {
   value = google_storage_bucket.prow_bucket.name