Disable console login for service account (has_login = false). It is unnecessary for service account to have console login and exposes more risk. Credentials that will be used by service account can be generated through admin account.
Rename bot to infra-service-account, since this name is more accurate describe why we need this account
Set depends_on attribute to group_membership. Without depends_on there was an error when we tried to add new user, it said that user wasn't created yet.
Refactor group_membership to be set through forloop, to make it easier change attributes (otherwise we had to set same depends_on for all three memberships).
Proof Of Work 📹
TF plan can be run and applied without any errors:
What happened 👀
List of implemented improvements:
has_login = false). It is unnecessary for service account to have console login and exposes more risk. Credentials that will be used by service account can be generated through admin account.bottoinfra-service-account, since this name is more accurate describe why we need this accountdepends_onattribute togroup_membership. Withoutdepends_onthere was an error when we tried to add new user, it said that user wasn't created yet.group_membershipto be set through forloop, to make it easier change attributes (otherwise we had to set samedepends_onfor all three memberships).Proof Of Work 📹
TF plan can be run and applied without any errors: