Modernisation Platform GitHub Web Identity Assumable Role Module

```hcl
module "github-webidentity-assumable-role" {
  # Terraform's GitHub shorthand (no https:// prefix), which clones the repository over Git.
  source              = "github.com/ministryofjustice/modernisation-platform-github-oidc-role"
  github_repositories = ["ministryofjustice/modernisation-platform-environments:*", "ministryofjustice/modernisation-platform:*"]
  role_name           = "modernisation-platform-github-actions"
  # Overrides the ReadOnlyAccess default with full administrative access.
  policy_arns         = ["arn:aws:iam::aws:policy/AdministratorAccess"]
  # Additional policy documents, passed as rendered JSON strings.
  policy_jsons        = [data.aws_iam_policy_document.first-policy.json, data.aws_iam_policy_document.second-policy.json]
  tags                = local.tags
}
```

If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.

This module calls no other modules.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| github_repositories | The GitHub repositories, for example `["ministryofjustice/modernisation-platform-environments:*"]` | `list(string)` | n/a | yes |
| max_session_duration | The maximum session duration (in seconds) that you want to set for the specified role. Defaults to 3600 | `number` | `3600` | no |
| policy_arns | List of policy ARNs for the assumable role. Defaults to `["arn:aws:iam::aws:policy/ReadOnlyAccess"]` | `list(string)` | `["arn:aws:iam::aws:policy/ReadOnlyAccess"]` | no |
| policy_jsons | List of policy JSON documents for the assumable role. Defaults to `[]` | `list(string)` | `[]` | no |
| role_name | Name of role | `string` | n/a | yes |
| subject_claim | GitHub OIDC subject claim, defaults to `*` | `string` | `"*"` | no |
| tags | Common tags to be used by all resources | `map(string)` | n/a | yes |
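
The following is an added example, not taken from the module's repository, showing a narrowly scoped policy document supplied through `policy_jsons` while `policy_arns` is left at its documented default. The bucket name, statement contents, role name, module label and tag values are constructed for illustration.

```hcl
# Added example: constructed values, not part of the module's own documentation.

# A policy document limited to one (hypothetical) artifact bucket and prefix.
data "aws_iam_policy_document" "artifact_upload" {
  statement {
    sid       = "ListArtifactBucket"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-artifact-bucket"]
  }

  statement {
    sid       = "WriteBuildArtifacts"
    effect    = "Allow"
    actions   = ["s3:PutObject"]
    resources = ["arn:aws:s3:::example-artifact-bucket/builds/*"]
  }
}

module "github_artifact_upload_role" {
  source = "github.com/ministryofjustice/modernisation-platform-github-oidc-role"

  # Same repository pattern format as the usage example above.
  github_repositories = ["ministryofjustice/modernisation-platform-environments:*"]
  role_name           = "example-artifact-upload" # hypothetical role name

  # policy_arns is not set, so the documented default
  # (arn:aws:iam::aws:policy/ReadOnlyAccess) applies instead of AdministratorAccess.

  # policy_jsons takes rendered JSON strings, hence the .json attribute.
  policy_jsons = [data.aws_iam_policy_document.artifact_upload.json]

  # tags is a required input; these values are placeholders.
  tags = {
    application = "example"
    owner       = "example-team"
  }
}
```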