Identity and Access Management (IAM)
https://docs.localstack.cloud/user-guide/aws/iam/
Get started with AWS Identity and Access Management (IAM) on LocalStack
```bash
macuser03@macuser03noMacBook-Pro aws % awslocal sts get-caller-identity
{
    "UserId": "AKIAIOSFODNN7EXAMPLE",
    "Account": "000000000000",
    "Arn": "arn:aws:iam::000000000000:root"
}
macuser03@macuser03noMacBook-Pro aws % awslocal iam create-user --user-name test
{
    "User": {
        "Path": "/",
        "UserName": "test",
        "UserId": "rwfd0utukf1vgg6gnx50",
        "Arn": "arn:aws:iam::000000000000:user/test",
        "CreateDate": "2024-08-30T05:09:14.559000+00:00"
    }
}
macuser03@macuser03noMacBook-Pro aws % awslocal iam create-access-key --user-name test
{
    "AccessKey": {
        "UserName": "test",
        "AccessKeyId": "LKIAQAAAAAAANOJADRJ6",
        "Status": "Active",
        "SecretAccessKey": "Sw1QszfehI0mN9/RKPzodz8+UbwOv/5/B3C4K/HM",
        "CreateDate": "2024-08-30T05:09:34+00:00"
    }
}
```
```bash
export AWS_ACCESS_KEY_ID=LKIAQAAAAAAAGFWKCM5F AWS_SECRET_ACCESS_KEY=DUulXk2N2yD6rgoBBR9A/5iXa6dBcLyDknr925Q5
awslocal sts get-caller-identity
{
    "UserId": "b2yxf5g824zklfx5ry8o",
    "Account": "000000000000",
    "Arn": "arn:aws:iam::000000000000:user/test"
}
```
localstack ec2
docker image
localstack-ec2/amazonlinux-2023:ami-024f768332f0
fb54c5758c5b
Start the Docker-simulated EC2 instance:
```bash
awslocal ec2 run-instances --image-id ami-024f768332f0 --instance-type t2.micro
```
Then run Terraform to create the EC2 resources:
```bash
tofu init
tofu plan
tofu apply -auto-approve
tofu destroy -auto-approve
```
```bash
tofu apply -auto-approve
...
aws_iam_policy.ec2_policy: Creating...
aws_kms_key.main[0]: Creating...
aws_iam_role.ec2_dynamodb_role: Creating...
aws_vpc.main: Creating...
aws_s3_bucket.main: Creating...
aws_iam_policy.ec2_policy: Creation complete after 0s [id=arn:aws:iam::000000000000:policy/ec2_policy]
aws_iam_role.ec2_dynamodb_role: Creation complete after 0s [id=ec2_dynamodbrole]
aws_iam_role_policy_attachment.ec2_attach: Creating...
aws_iam_instance_profile.ec2_profile: Creating...
aws_iam_role_policy_attachment.ec2_attach: Creation complete after 0s [id=ec2_dynamodbrole-20240830080314458000000001]
aws_vpc.main: Creation complete after 1s [id=vpc-b08d89b1]
aws_iam_instance_profile.ec2_profile: Creation complete after 1s [id=ec2_profile]
aws_subnet.vpc_private_subnet: Creating...
aws_security_group.allow_icmp: Creating...
aws_subnet.vpc_private_subnet: Creation complete after 0s [id=subnet-973cc9f9]
aws_network_interface.main: Creating...
aws_s3_bucket.main: Creation complete after 1s [id=terraform-aws-s3-bucket]
aws_s3_bucket_public_access_block.main: Creating...
aws_s3_bucket_acl.main: Creating...
aws_s3_bucket_versioning.main: Creating...
aws_network_interface.main: Creation complete after 0s [id=eni-3a47f2d0]
aws_s3_bucket_public_access_block.main: Creation complete after 0s [id=terraform-aws-s3-bucket]
aws_s3_bucket_acl.main: Creation complete after 0s [id=terraform-aws-s3-bucket,private]
aws_instance.main: Creating...
aws_security_group.allow_icmp: Creation complete after 0s [id=sg-46c84f24928043bc8]
aws_s3_bucket_versioning.main: Creation complete after 1s [id=terraform-aws-s3-bucket]
aws_kms_key.main[0]: Creation complete after 4s [id=74328788-28e5-4eaa-9109-4d0dbb4f0e71]
aws_s3_bucket_server_side_encryption_configuration.main: Creating...
aws_dynamodb_table.main: Creating...
aws_s3_bucket_server_side_encryption_configuration.main: Creation complete after 0s [id=terraform-aws-s3-bucket]
aws_dynamodb_table.main: Creation complete after 1s [id=mydynamodb]
aws_instance.main: Still creating... [10s elapsed]
aws_instance.main: Creation complete after 14s [id=i-c346779ddf110563f]
Apply complete! Resources: 16 added, 0 changed, 0 destroyed.
```
```bash
tofu destroy --auto-approve
...
aws_s3_bucket_versioning.main: Destroying... [id=terraform-aws-s3-bucket]
aws_iam_role_policy_attachment.ec2_attach: Destroying... [id=ec2_dynamodbrole-20240830075549284700000001]
aws_s3_bucket_public_access_block.main: Destroying... [id=terraform-aws-s3-bucket]
aws_s3_bucket_server_side_encryption_configuration.main: Destroying... [id=terraform-aws-s3-bucket]
aws_s3_bucket_acl.main: Destroying... [id=terraform-aws-s3-bucket,private]
aws_security_group.allow_icmp: Destroying... [id=sg-4beb7c254409fdc9a]
aws_network_interface.main: Destroying... [id=eni-69b79b35]
aws_dynamodb_table.main: Destroying... [id=mydynamodb]
aws_s3_bucket_acl.main: Destruction complete after 0s
aws_s3_bucket_public_access_block.main: Destruction complete after 0s
aws_s3_bucket_server_side_encryption_configuration.main: Destruction complete after 0s
aws_iam_role_policy_attachment.ec2_attach: Destruction complete after 0s
aws_s3_bucket_versioning.main: Destruction complete after 0s
aws_network_interface.main: Destruction complete after 0s
aws_iam_policy.ec2_policy: Destroying... [id=arn:aws:iam::000000000000:policy/ec2_policy]
aws_iam_role.ec2_dynamodb_role: Destroying... [id=ec2_dynamodbrole]
aws_subnet.vpc_private_subnet: Destroying... [id=subnet-a6bccad6]
aws_s3_bucket.main: Destroying... [id=terraform-aws-s3-bucket]
aws_iam_policy.ec2_policy: Destruction complete after 0s
aws_s3_bucket.main: Destruction complete after 0s
aws_security_group.allow_icmp: Destruction complete after 0s
aws_iam_role.ec2_dynamodb_role: Destruction complete after 0s
aws_subnet.vpc_private_subnet: Destruction complete after 0s
aws_vpc.main: Destroying... [id=vpc-7da8ee1d]
aws_dynamodb_table.main: Destruction complete after 0s
aws_kms_key.main[0]: Destroying... [id=cff4b10a-972b-4df4-acea-beb3e313a357]
aws_vpc.main: Destruction complete after 0s
aws_kms_key.main[0]: Destruction complete after 0s
Destroy complete! Resources: 14 destroyed.
```