Controlling IAM Users, Roles and Policies are always critical from a security aspect. Right management of the IAM User, IAM Roles and IAM Policies can certainly upgrade the operational burden as well as the security of the AWS environment. Below is an example of how you can use Terraform to manage AWS IAM policies, roles, and users.

1. Install Terraform:
Download and install Terraform from the official website: https://www.terraform.io/downloads.html

Make sure it's properly installed by running terraform version in your terminal or command prompt.

2. Set up AWS credentials:
Obtain your AWS access key ID and secret access key from the AWS Management Console.

Set them as environment variables in your operating system:

export AWS_ACCESS_KEY_ID="your_access_key"

export AWS_SECRET_ACCESS_KEY="your_secret_key"

3. Create a new Terraform configuration file (e.g., main.tf) and open it with a text editor.

4. Configure the AWS provider:
provider "aws" {

  region = "us-west-2"  # Replace with your desired AWS region

}

5. Define an IAM policy:
resource "aws_iam_policy" "example_policy" {

  name        = "example-policy"

  description = "Example IAM policy"



  policy = <<EOF

  {

    "Version": "2012-10-17",

    "Statement": [

      {

        "Effect": "Allow",

        "Action": ["s3:ListBucket"],

        "Resource": ["arn:aws:s3:::example-bucket"]

      },

      {

        "Effect": "Allow",

        "Action": ["s3:GetObject"],

        "Resource": ["arn:aws:s3:::example-bucket/*"]

      }

    ]

  }

  EOF

}

6. Define an IAM role:
resource "aws_iam_role" "example_role" {

  name               = "example-role"

  assume_role_policy = <<EOF

  {

    "Version": "2012-10-17",

    "Statement": [

      {

        "Effect": "Allow",

        "Principal": {

          "Service": "ec2.amazonaws.com"

        },

        "Action": "sts:AssumeRole"

      }

    ]

  }

  EOF

}

7. Attach the IAM policy to the role:
resource "aws_iam_role_policy_attachment" "example_attachment" {

  policy_arn = aws_iam_policy.example_policy.arn

  role       = aws_iam_role.example_role.name

}

8. Define an IAM user:
resource "aws_iam_user" "example_user" {

  name = "example-user"

}

9. Attach the IAM policy to the user:
resource "aws_iam_user_policy_attachment" "example_user_attachment" {

  user       = aws_iam_user.example_user.name

  policy_arn = aws_iam_policy.example_policy.arn

}

10. Save the Terraform configuration file.

11. Initialize the Terraform working directory:
terraform init

12. Preview the changes:
terraform plan

13. Apply the changes and create/update the resources:
terraform apply

That's it! Terraform will now provision the IAM policy, role, and user in your AWS account based on the provided configuration. You can modify the configuration as needed, and Terraform will manage the resources accordingly.