
Adding non-admin user

Answer

So we are trying to add a developer to our reference arch using the following from the ref arch docs linked [here](https://docs.gruntwork.io/guides/reference-architecture/example-usage-guide/authenticate/setting-up-initial-access):

```
bill.bob:
  create_access_keys: false
  create_login_profile: true
  groups:
    - _account.dev-dev
    - _account.logs-read-only
    - _account.prod-dev
    - _account.shared-dev
    - _account.staging-dev
    - ssh-grunt-users
    - iam-user-self-mgmt
  pgp_key: keybase:billybob1239012
```

The group iam-user-self-mgmt doesn't seem to get created in the ref arch we just had set up. We are seeing:

```
[ecs-deploy-runner][2022-04-28T13:26:35+0000] │ Error: NoSuchEntity: The group with name iam-user-self-mgmt cannot be found.
[ecs-deploy-runner][2022-04-28T13:26:35+0000] │ status code: 404, request id: 8ab29054-ca0f-4249-a187-a4d74cdbfc15
[ecs-deploy-runner][2022-04-28T13:26:35+0000] │
[ecs-deploy-runner][2022-04-28T13:26:35+0000] │ with module.security_baseline.module.iam_users.aws_iam_user_group_membership.group_memberships["carlos.bautista"],
[ecs-deploy-runner][2022-04-28T13:26:35+0000] │ on .terraform/modules/security_baseline.iam_users/modules/iam-users/main.tf line 36, in resource "aws_iam_user_group_membership" "group_memberships":
[ecs-deploy-runner][2022-04-28T13:26:35+0000] │ 36: resource "aws_iam_user_group_membership" "group_memberships" {
[ecs-deploy-runner][2022-04-28T13:26:35+0000] │
[ecs-deploy-runner][2022-04-28T13:26:35+0000] ╵
```

---

[Tracked in ticket #108520](https://gruntwork.zendesk.com/agent/tickets/108520)

In the CIS ref arch, we don't create this IAM group by default. You can enable it by setting `should_create_iam_group_user_self_mgmt = true` in the `terragrunt.hcl` file of the `account-baseline` call in the `security` account.
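
A pre-flight check for the failure in the question, added here as an example (not Gruntwork's code): it reports groups that the users map references but that do not exist in the account, so a dangling membership is caught before the apply. The sample inputs are constructed, and the function names and the choice of `aws iam list-groups --output json` output as the second input are assumptions.

```python
import json

# Constructed sample: a users map in the shape shown in the question.
USERS_YAML = """\
bill.bob:
  create_login_profile: true
  groups:
    - _account.dev-dev
    - ssh-grunt-users
    - iam-user-self-mgmt
  pgp_key: keybase:billybob1239012
"""

# Constructed sample in the shape of `aws iam list-groups --output json`.
LIST_GROUPS_JSON = ('{"Groups": [{"GroupName": "_account.dev-dev"},'
                    ' {"GroupName": "ssh-grunt-users"}]}')

def parse_user_groups(text):
    """Minimal parser for the YAML subset above: user -> list of groups."""
    users, current, in_groups = {}, None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        item = line.strip()
        if indent == 0 and item.endswith(":"):
            current, in_groups = item[:-1], False   # new user entry
            users[current] = []
        elif current is not None and item == "groups:":
            in_groups = True
        elif in_groups and item.startswith("- "):
            users[current].append(item[2:].strip())
        else:
            in_groups = False                       # any other key ends the list
    return users

def missing_groups(users_yaml, list_groups_json):
    """Return {user: [groups referenced but absent from the account]}."""
    existing = {g["GroupName"] for g in json.loads(list_groups_json)["Groups"]}
    report = {}
    for user, groups in parse_user_groups(users_yaml).items():
        absent = [g for g in groups if g not in existing]
        if absent:
            report[user] = absent
    return report

if __name__ == "__main__":
    print(missing_groups(USERS_YAML, LIST_GROUPS_JSON))
```

An empty result means every referenced group already exists; any entry names a group to create (or remove from the user) before running the apply.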