chore(e2e): Always destroy iam user (#6477)

* chore(e2e): Always destroy iam user * chore(e2e): Update service user terraform
2 months ago · 3f1dd3ab2a
parent eeee51dca5
commit 3f1dd3ab2a
3 changed files with 9 additions and 4 deletions
--- a/enos/ci/service-user-iam/main.tf
+++ b/enos/ci/service-user-iam/main.tf
@ -171,6 +171,7 @@ data "aws_iam_policy_document" "enos_policy_document" {
      "iam:CreateUserTag",
      "iam:DeleteAccessKey",
      "iam:DeleteInstanceProfile",
+      "iam:DeleteLoginProfile",
      "iam:DeletePolicy",
      "iam:DeleteRole",
      "iam:DeleteRole",
@ -191,16 +192,22 @@ data "aws_iam_policy_document" "enos_policy_document" {
      "iam:ListPolicyVersions",
      "iam:ListAccessKeys",
      "iam:ListAttachedRolePolicies",
+      "iam:ListAttachedUserPolicies",
      "iam:ListGroupsForUser",
      "iam:ListInstanceProfiles",
      "iam:ListInstanceProfilesForRole",
+      "iam:ListMFADevices",
      "iam:ListPolicies",
      "iam:ListRolePolicies",
      "iam:ListRoles",
      "iam:ListRoles",
+      "iam:ListServiceSpecificCredentials",
+      "iam:ListSigningCertificates",
+      "iam:ListSSHPublicKeys",
      "iam:ListUserPolicies",
      "iam:ListUsers",
      "iam:ListUserTags",
+      "iam:ListVirtualMFADevices",
      "iam:PassRole",
      "iam:PutRolePolicy",
      "iam:PutUserPolicy",
--- a/enos/ci/service-user-iam/service-quotas.tf
+++ b/enos/ci/service-user-iam/service-quotas.tf
@ -26,7 +26,7 @@ resource "aws_servicequotas_service_quota" "vpcs_per_region_us_east_2" {
  provider     = aws.us_east_2
  quota_code   = local.subnets_per_vpc
  service_code = "vpc"
-  value        = 50
+  value        = 100
 }

 resource "aws_servicequotas_service_quota" "rds_subnet_groups_us_east_2" {
--- a/enos/modules/aws_iam_setup/main.tf
+++ b/enos/modules/aws_iam_setup/main.tf
@ -21,9 +21,7 @@ resource "aws_iam_user" "boundary" {
  name                 = "demo-${local.user_email}-${var.test_id}"
  tags                 = { boundary-demo = local.user_email }
  permissions_boundary = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/DemoUser"
-  # If credential rotation is used, this is necessary to delete the user since a new access
-  # key will be generated.
-  force_destroy = var.enable_credential_rotation ? true : false
+  force_destroy        = true
 }

 resource "aws_iam_user_policy" "boundary" {