# Service account for the Qualys connector: an IAM user with one access key
# whose only inline permission is sts:AssumeRole on the two connector role
# names listed in the policy document below.

# Partition of the current provider, so the role ARNs are not hard-coded to "aws".
data "aws_partition" "this" {}

resource "aws_iam_user" "this" {
  name = "qualys"
  path = "/service_accounts/"
  tags = var.tags

  # Destroying the user also removes access keys, login profile and MFA
  # devices that were created outside Terraform.
  force_destroy = true
}

resource "aws_iam_access_key" "this" {
  user = aws_iam_user.this.name

  # With a PGP key set, the secret is exported only as encrypted_secret.
  # Without one, the provider writes the plaintext secret to Terraform state.
  # NOTE(review): var.pgp_key is declared outside this view; confirm it cannot
  # be null or empty, and that the state backend is encrypted and
  # access-controlled either way.
  # NOTE(review): no rotation is configured here; this is a long-lived static
  # credential, so confirm rotation and usage monitoring are handled elsewhere.
  pgp_key = var.pgp_key
}

# Identity policy document attached to the user by aws_iam_user_policy.assume_role.
data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    # The account field is "*", so this statement matches these two role names
    # in every account of the partition. The identity policy does not narrow
    # the target accounts; each role's trust policy is what decides whether
    # this user may assume it.
    # NOTE(review): confirm every connector role's trust policy names this
    # user's ARN specifically (and an sts:ExternalId condition where the
    # connector supports it). If the set of accounts is known, listing their
    # IDs here instead of "*" would make this policy least-privilege.
    resources = [
      "arn:${data.aws_partition.this.partition}:iam::*:role/QualysConnectorRole",
      "arn:${data.aws_partition.this.partition}:iam::*:role/Role_For_QualysEC2Connector",
    ]
  }
}

# Inline policy: the user's only permission granted in this file.
resource "aws_iam_user_policy" "assume_role" {
  name   = "assume_role"
  user   = aws_iam_user.this.name
  policy = data.aws_iam_policy_document.assume_role.json
}