Resource: aws_iam_user_login_profile

Manages an IAM User Login Profile with limited support for password creation during Terraform resource creation. Uses PGP to encrypt the password for safe transport to the user. PGP keys can be obtained from Keybase.

Example Usage

resource "aws_iam_user" "example" {
  name          = "example"
  path          = "/"
  force_destroy = true
}

resource "aws_iam_user_login_profile" "example" {
  user    = aws_iam_user.example.name
  pgp_key = "keybase:some_person_that_exists"
}

output "password" {
  value = aws_iam_user_login_profile.example.encrypted_password
}

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import IAM User Login Profiles without password information via the IAM User name. For example:

import {
  to = aws_iam_user_login_profile.example
  id = "myusername"
}

Using terraform import, import IAM User Login Profiles without password information via the IAM User name. For example:

% terraform import aws_iam_user_login_profile.example myusername

Since Terraform has no method to read the PGP or password information during import, use the Terraform resource lifecycle configuration block ignore_changes argument to ignore them (unless you want to recreate a password). For example:

resource "aws_iam_user_login_profile" "example" {
  # ... other configuration ...

  lifecycle {
    ignore_changes = [
      password_length,
      password_reset_required,
      pgp_key,
    ]
  }
}