Disable console login for service account (has_login = false). It is unnecessary for service account to have console login and exposes more risk. Credentials that will be used by service account can be generated through admin account.
Rename bot to infra-service-account, since this name is more accurate describe why we need this account
Set depends_on attribute to group_membership. Without depends_on there was an error when we tried to add new user, it said that user wasn't created yet.
Refactor group_membership to be set through forloop, to make it easier change attributes (otherwise we had to set same depends_on for all three memberships).
Proof Of Work 📹
TF plan can be run and applied without any errors:
What happened 👀
List of implemented improvements:
has_login = false
). It is unnecessary for service account to have console login and exposes more risk. Credentials that will be used by service account can be generated through admin account.bot
toinfra-service-account
, since this name is more accurate describe why we need this accountdepends_on
attribute togroup_membership
. Withoutdepends_on
there was an error when we tried to add new user, it said that user wasn't created yet.group_membership
to be set through forloop, to make it easier change attributes (otherwise we had to set samedepends_on
for all three memberships).Proof Of Work 📹
TF plan can be run and applied without any errors: