adding mvp terraform config for aws iam resources

[chelseybeck]

Resolves this issue

This is a minimum configuration for using Terraform to create IAM resources in AWS. Apologies for the long PR, but w/ this initial setup it just made sense to do it all at once. 😸

Overview:

• 📁 terraform
  • 📁 aws-custom-policies - JSON configurations for customer-managed policies (AWS-managed policies are referenced by ARN and not needed here). Permission levels 2, 3, & 4 need policies created according to this discussion
    • 📄 level-2-project-admin-policy.json
    • 📄 level-3-ops-mentor-policy.json
    • 📄 level-4-iam-services-admin-policy.json
    • 📁 existing-policies - a few of our current policy configurations for reference
  • 📁 modules - reusable Terraform configurations
  • 📄 aws-custom-policies.tf - maintain custom policies here
  • 📄 aws-groups.tf - maintain groups here
  • 📄 aws-users.tf - maintain users here

View the branch

---

This is now a working solution. If an apply ran right now, it would create a new group with readonly permissions, create a user 'gwenstacy', and assign the user to the group. I'd like to get this merged to main as a basis for adding resources.

[chelseybeck]

@nyarly I'd like your feedback if you have a chance to review...we will discuss more in depth at next ops meeting

[nyarly]

Overall, a really nice skeleton. I'd love to see policies filled in and this started to be applied ASAP.

As a separate issue, modernizing existing config should get recorded, so that the manual references to policies or users that already exist can be removed eventually. Not difficult, just a tedious process of finding users and terraform importing them.

[chelseybeck]

Overall, a really nice skeleton. I'd love to see policies filled in and this started to be applied ASAP.

As a separate issue, modernizing existing config should get recorded, so that the manual references to policies or users that already exist can be removed eventually. Not difficult, just a tedious process of finding users and terraform importing them.

Thanks, @nyarly 😄

Completely agree on all points. I was thinking that importing existing IAM resources would make good issues for members to work on after getting Terraform set up and working on a few first issues

[nyarly]

Looks real good! 💪