Support creating new IAM users in IAM module

Why

Currently, we are still creating IAM groups & accounts manually from the AWS console. We should support creating them with Terraform.

Typically, the following groups should be created

Admins: admin access
Developers:
- PowerUser access
- Additional custom policies must be created so the users of this group can
- Manage their access key: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#access-keys_required-permissions
- Manage their own MFA: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_my-sec-creds-self-manage-mfa-only.html

Bots:

No console access

Additional Policy to allow manage roles & policies, e.g.

{
"Version": "2012-10-17",
"Statement": [
{
    "Sid": "AllowManageRoleAndPolicy",
    "Effect": "Allow",
    "Action": [
        "iam:UpdateRoleDescription",
        "iam:UpdateRole",
        "iam:UpdateAssumeRolePolicy",
        "iam:UntagUser",
        "iam:UntagServerCertificate",
        "iam:UntagSAMLProvider",
        "iam:UntagRole",
        "iam:UntagPolicy",
        "iam:UntagOpenIDConnectProvider",
        "iam:UntagMFADevice",
        "iam:UntagInstanceProfile",
        "iam:TagUser",
        "iam:TagServerCertificate",
        "iam:TagSAMLProvider",
        "iam:TagRole",
        "iam:TagPolicy",
        "iam:TagOpenIDConnectProvider",
        "iam:TagMFADevice",
        "iam:TagInstanceProfile",
        "iam:SimulatePrincipalPolicy",
        "iam:SimulateCustomPolicy",
        "iam:SetDefaultPolicyVersion",
        "iam:RemoveRoleFromInstanceProfile",
        "iam:PutRolePolicy",
        "iam:PutRolePermissionsBoundary",
        "iam:PassRole",
        "iam:ListVirtualMFADevices",
        "iam:ListUsers",
        "iam:ListUserTags",
        "iam:ListUserPolicies",
        "iam:ListSigningCertificates",
        "iam:ListServiceSpecificCredentials",
        "iam:ListServerCertificates",
        "iam:ListServerCertificateTags",
        "iam:ListSSHPublicKeys",
        "iam:ListSAMLProviders",
        "iam:ListSAMLProviderTags",
        "iam:ListRoles",
        "iam:ListRoleTags",
        "iam:ListRolePolicies",
        "iam:ListPolicyVersions",
        "iam:ListPolicyTags",
        "iam:ListPoliciesGrantingServiceAccess",
        "iam:ListPolicies",
        "iam:ListOpenIDConnectProviders",
        "iam:ListOpenIDConnectProviderTags",
        "iam:ListMFADevices",
        "iam:ListMFADeviceTags",
        "iam:ListInstanceProfilesForRole",
        "iam:ListInstanceProfiles",
        "iam:ListInstanceProfileTags",
        "iam:ListGroupsForUser",
        "iam:ListGroups",
        "iam:ListGroupPolicies",
        "iam:ListEntitiesForPolicy",
        "iam:ListAttachedUserPolicies",
        "iam:ListAttachedRolePolicies",
        "iam:ListAttachedGroupPolicies",
        "iam:ListAccountAliases",
        "iam:ListAccessKeys",
        "iam:GetServiceLinkedRoleDeletionStatus",
        "iam:GetRolePolicy",
        "iam:GetRole",
        "iam:GetPolicyVersion",
        "iam:GetPolicy",
        "iam:GetLoginProfile",
        "iam:GetAccountSummary",
        "iam:DetachRolePolicy",
        "iam:DeleteServiceLinkedRole",
        "iam:DeleteRolePolicy",
        "iam:DeleteRolePermissionsBoundary",
        "iam:DeleteRole",
        "iam:DeletePolicyVersion",
        "iam:DeletePolicy",
        "iam:CreateServiceLinkedRole",
        "iam:CreateRole",
        "iam:CreatePolicyVersion",
        "iam:CreatePolicy",
        "iam:AttachRolePolicy",
        "iam:AddRoleToInstanceProfile"
    ],
    "Resource": "arn:aws:iam::*"
}
]
}

The users should be created and assigned to the appropriate groups.

The bot account will be used by Terraform Cloud to provide the infrastructure.
PR for reference: https://github.com/easyhoteluk/aws-infrastructure/pull/107/files (credit to @bterone)

Who Benefits?

Developers

nimblehq / infrastructure-templates

Support creating new IAM users in IAM module #160

Why

Who Benefits?