terraform-aws-iam-role

Terraform module to create an AWS IAM Role. The currently supported role types are:

  1. Role for AWS Service
  2. Role for IAM User
  3. Role for External AWS Account
  4. Role for Instance Profile
  5. Role for Lambda

Usage

This module only creates an IAM Role and its trust relationship policy document. You need to attach your own permissions policy document outside the module.

To use a particular type of supported role, see the README.md in each subfolder of the modules folder for more detailed information.

To better understand how to use this module, try the examples in the examples folder.
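
An added example (not taken from this repository's examples folder) of calling the root module with a trust policy for an external AWS account and attaching the permissions policy outside the module. The input and output names come from the Inputs and Outputs tables in this README; the module source path, account ID, ExternalId, bucket and resource names are placeholder assumptions.

```hcl
# Added example: source path, account ID, ExternalId, bucket and names are placeholders.
data "aws_iam_policy_document" "trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111122223333:root"] # placeholder external account
    }

    # Require an agreed ExternalId so the role cannot be assumed through a confused deputy.
    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = ["example-external-id"] # placeholder
    }
  }
}

module "audit_role" {
  source = "../../" # placeholder: path or registry address of this module

  role_name                 = "ExampleAuditRole"
  role_description          = "Read-only role assumed by the external audit account"
  role_assume_policy        = data.aws_iam_policy_document.trust.json
  role_max_session_duration = 3600 # keep sessions at the one-hour default
  environment               = "staging"
  product_domain            = "sec"
}

# The module creates no permissions; grant only what the role needs, outside the module.
data "aws_iam_policy_document" "permissions" {
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:ListBucket"]
    resources = ["arn:aws:s3:::example-audit-bucket", "arn:aws:s3:::example-audit-bucket/*"]
  }
}

resource "aws_iam_role_policy" "permissions" {
  name   = "example-audit-read"
  role   = module.audit_role.role_name
  policy = data.aws_iam_policy_document.permissions.json
}
```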

Modules

Examples

Tests

To run the tests:

  1. Install Ruby with version specified in the Gemfile.
  2. Install bundler: gem install bundler
  3. Install gems: bundle install
  4. Run test from the root of the repository: bundle exec kitchen test

Terraform Version

This module was created using Terraform 0.11.4. The latest stable version of Terraform that this module has been tested with is Terraform 1.0.8, on 30/09/2021.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_role.this | resource |
| aws_caller_identity.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| environment | Used in the Environment tag | string | n/a | yes |
| product_domain | Abbreviation of the product domain the created resources belong to | string | n/a | yes |
| region | The region from which this module will be executed | string | "ap-southeast-1" | no |
| role_assume_policy | IAM policy document, in JSON format, that grants an entity permission to assume the role. | string | n/a | yes |
| role_description | The description of the role. | string | n/a | yes |
| role_force_detach_policies | Specifies whether to force detaching any policies the role has before destroying it. | bool | false | no |
| role_max_session_duration | The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | number | 3600 | no |
| role_name | The name of the role. Changing it forces a new resource. | string | n/a | yes |
| role_path | The path to the role. See https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html for more information. | string | "/" | no |
| role_permission_boundary | IAM policy ARN limiting the maximum access this role can have | string | "" | no |
| role_tags | Additional tags to put on the IAM role | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| aws_account_id | The AWS Account ID number of the account that owns or contains the calling entity. |
| aws_caller_arn | The AWS ARN associated with the calling entity. |
| aws_caller_user_id | The unique identifier of the calling entity. |
| role_arn | The Amazon Resource Name (ARN) specifying the role. |
| role_create_date | The creation date of the IAM role. |
| role_description | The description of the role. |
| role_name | The name of the role. |
| role_unique_id | The stable and unique string identifying the role. |

Authors

License

Apache 2 Licensed. See LICENSE for full details.