terraform/website/source/docs/providers/aws/r/iam_user.html.markdown

---
layout: "aws"
page_title: "AWS: aws_iam_user"
sidebar_current: "docs-aws-resource-iam-user"
description: |-
  Provides an IAM user.
---

# aws\_iam\_user

Provides an IAM user.

## Example Usage

```
resource "aws_iam_user" "lb" {
    name = "loadbalancer"
    path = "/system/"
}

resource "aws_iam_access_key" "lb" {
    user = "${aws_iam_user.lb.name}"
}

resource "aws_iam_user_policy" "lb_ro" {
    name = "test"
    user = "${aws_iam_user.lb.name}"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Required) The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-.`.
* `path` - (Optional, default "/") Path in which to create the user.
* `force_destroy` - (Optional, default false) When destroying this user, destroy
  even if it has non-Terraform-managed IAM access keys. Without `force_destroy`
  a user with non-Terraform-managed access keys will fail to be destroyed.

## Attributes Reference

The following attributes are exported:

* `unique_id` - The [unique ID][1] assigned by AWS.
* `arn` - The ARN assigned by AWS for this user.

  [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html#GUIDs


## Import

IAM Users can be imported using the `name`, e.g. 

```
$ terraform import aws_iam_user.lb loadbalancer
```
Implement AWS IAM resources - Users - Groups - Roles - Inline policies for the above three - Instance profiles - Managed policies - Access keys This is most of the data types provided by IAM. There are a few things missing, but the functionality here is probably sufficient for 95% of the cases. Makes a dent in #28. 2015-02-06 16:34:24 +01:00			`---`
			`layout: "aws"`
			`page_title: "AWS: aws_iam_user"`
			`sidebar_current: "docs-aws-resource-iam-user"`
			`description: \|-`
			`Provides an IAM user.`
			`---`

			`# aws\_iam\_user`

			`Provides an IAM user.`

			`## Example Usage`

			```
			`resource "aws_iam_user" "lb" {`
			`name = "loadbalancer"`
			`path = "/system/"`
			`}`

			`resource "aws_iam_access_key" "lb" {`
			`user = "${aws_iam_user.lb.name}"`
			`}`

			`resource "aws_iam_user_policy" "lb_ro" {`
			`name = "test"`
			`user = "${aws_iam_user.lb.name}"`
			`policy = <<EOF`
			`{`
			`"Version": "2012-10-17",`
			`"Statement": [`
			`{`
			`"Action": [`
			`"ec2:Describe*"`
			`],`
			`"Effect": "Allow",`
			`"Resource": "*"`
			`}`
			`]`
			`}`
			`EOF`
			`}`
			```

			`## Argument Reference`

			`The following arguments are supported:`

provider/aws: Add validation to IAM User and Group Name This will allow us to catch errors at plan time rather than waiting for the API to tell us... Documentation for IAM User NAme Validation - http://docs.aws.amazon.com/cli/latest/reference/iam/create-user.html Documentation for IAM Group Name validation - http://docs.aws.amazon.com/cli/latest/reference/iam/create-group.html ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroup_' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... \| grep -v /terraform/vendor/) 2016/10/25 13:18:41 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_ -timeout 120m === RUN TestAccAWSIAMGroup_importBasic --- PASS: TestAccAWSIAMGroup_importBasic (13.80s) === RUN TestAccAWSIAMGroup_basic --- PASS: TestAccAWSIAMGroup_basic (23.30s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws37.121s ``` ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_' ✚ ==> Checking that code complies with gofmt requirements... go generate $(go list ./... \| grep -v /terraform/vendor/) 2016/10/25 13:22:23 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m === RUN TestAccAWSUser_importBasic --- PASS: TestAccAWSUser_importBasic (14.33s) === RUN TestAccAWSUser_basic --- PASS: TestAccAWSUser_basic (25.36s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 39.710s ``` 2016-10-25 14:18:41 +02:00			* `name` - (Required) The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-.`.
Implement AWS IAM resources - Users - Groups - Roles - Inline policies for the above three - Instance profiles - Managed policies - Access keys This is most of the data types provided by IAM. There are a few things missing, but the functionality here is probably sufficient for 95% of the cases. Makes a dent in #28. 2015-02-06 16:34:24 +01:00			* `path` - (Optional, default "/") Path in which to create the user.
provider/aws: Delete access keys before deleting IAM user (#7766) * provider/aws: Delete access keys before deleting IAM user * provider/aws: Put IAM key removal behind force_destroy option * provider/aws: Move all access key deletion under force_destroy * Add iam_user force_destroy to website * provider/aws: Improve clarity of looping over pages in delete IAM user 2016-07-25 09:15:03 +02:00			* `force_destroy` - (Optional, default false) When destroying this user, destroy
			even if it has non-Terraform-managed IAM access keys. Without `force_destroy`
			`a user with non-Terraform-managed access keys will fail to be destroyed.`
Implement AWS IAM resources - Users - Groups - Roles - Inline policies for the above three - Instance profiles - Managed policies - Access keys This is most of the data types provided by IAM. There are a few things missing, but the functionality here is probably sufficient for 95% of the cases. Makes a dent in #28. 2015-02-06 16:34:24 +01:00
			`## Attributes Reference`

			`The following attributes are exported:`

			* `unique_id` - The [unique ID][1] assigned by AWS.
			* `arn` - The ARN assigned by AWS for this user.

Use HTTPS + www. for links 2016-01-14 21:55:39 +01:00			`[1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html#GUIDs`
documentation/aws: More additions of Import documention to the AWS (#7729) resources 2016-07-21 00:28:59 +02:00

			`## Import`

			IAM Users can be imported using the `name`, e.g.

			```
			`$ terraform import aws_iam_user.lb loadbalancer`
provider/aws: Delete access keys before deleting IAM user (#7766) * provider/aws: Delete access keys before deleting IAM user * provider/aws: Put IAM key removal behind force_destroy option * provider/aws: Move all access key deletion under force_destroy * Add iam_user force_destroy to website * provider/aws: Improve clarity of looping over pages in delete IAM user 2016-07-25 09:15:03 +02:00			```