Terraform module to create an AWS IAM Role. Currently supported types of role are:
- Role for AWS Service
- Role for IAM User
- Role for External AWS Account
- Role for Instance Profile
- Role for Lambda
This module creates only the IAM Role and its trust relationship (assume-role) policy document. Permission policies are not part of the module: you attach your own permission policy to the role outside the module (for example with `aws_iam_role_policy_attachment`). Because the trust policy is what decides who can assume the role, keep its principals as narrow as possible and add the conditions appropriate to the role type, such as an `sts:ExternalId` condition when the trusted principal is another AWS account.
Each supported role type is implemented as a submodule. To use a particular type, go into the modules folder and read the README.md in the corresponding subfolder for detailed information.
To see how the module is meant to be used, go into the examples folder and try the examples there:
- Service Role for Config
- IAM Role for User
- IAM Role for 3rd Party AWS Account
- IAM Role for Instance Profile
- IAM Role for Lambda
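The following is an added example, not one of the repository's own examples, showing how the root module is used for the "External AWS Account" case: the trust policy is built with `aws_iam_policy_document`, passed in as `role_assume_policy`, and the permission policy is attached outside the module, as described above. The module `source` path, the third-party account ID `111122223333`, the ExternalId value, the tag values and the permissions boundary policy are all placeholders and assumptions; replace them with your own.

```hcl
# Added example; not part of the module repository.
# Assumption: this file sits next to the module, so `source = "./"` points at
# the root module. Adjust `source` to wherever you keep the module.

# Permissions boundary: the ceiling on what the role can ever do, regardless of
# which permission policies get attached to it later. Constructed for this
# example; tailor the action list to the real use case.
data "aws_iam_policy_document" "boundary" {
  statement {
    sid       = "ReadOnlyCeiling"
    effect    = "Allow"
    actions   = ["ec2:Describe*", "s3:Get*", "s3:List*", "cloudtrail:LookupEvents"]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "boundary" {
  name   = "sec-third-party-boundary"
  policy = data.aws_iam_policy_document.boundary.json
}

# Trust policy: only the named external account may assume the role, and only
# when it presents the agreed ExternalId. Without the Condition block, any
# principal in that account (or anyone it delegates to) could assume the role
# and act as a confused deputy.
data "aws_iam_policy_document" "trust_external_account" {
  statement {
    sid     = "AllowExternalAccountWithExternalId"
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111122223333:root"] # placeholder third-party account ID
    }

    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = ["example-external-id-change-me"] # placeholder; agree a random, secret value with the third party
    }
  }
}

module "third_party_readonly_role" {
  source = "./" # assumption: path to this module

  environment    = "production" # placeholder tag value
  product_domain = "sec"        # placeholder product domain abbreviation
  region         = "ap-southeast-1"

  role_name                  = "sec-third-party-readonly"
  role_description           = "Read-only access for a third-party auditor, restricted by ExternalId"
  role_assume_policy         = data.aws_iam_policy_document.trust_external_account.json
  role_max_session_duration  = 3600 # one hour; the module default
  role_permission_boundary   = aws_iam_policy.boundary.arn
  role_force_detach_policies = true

  role_tags = {
    Owner = "security-engineering" # placeholder
  }
}

# Permission policy attached outside the module, using the module's role_name
# output. The boundary above still caps what this grant can actually do.
resource "aws_iam_role_policy_attachment" "readonly" {
  role       = module.third_party_readonly_role.role_name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
```

After `terraform apply`, the third party can only obtain credentials with `aws sts assume-role --role-arn <module.third_party_readonly_role.role_arn> --external-id <the agreed value> ...`; a request without the matching ExternalId is denied by the trust policy before any permission policy is consulted.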
To run the tests:
- Install Ruby with the version specified in the Gemfile.
- Install bundler:
```
gem install bundler
```
- Install the gems:
```
bundle install
```
- Run the tests from the root of the repository:
```
bundle exec kitchen test
```
This module was created using Terraform 0.11.4. The latest stable version of Terraform with which this module has been tested working is Terraform 1.0.8 (as of 30/09/2021).
Requirements:

Name | Version |
---|---|
terraform | >= 0.13 |

Providers:

Name | Version |
---|---|
aws | n/a |

Modules:

No modules.

Resources:

Name | Type |
---|---|
aws_iam_role.this | resource |
aws_caller_identity.current | data source |
Inputs:

Name | Description | Type | Default | Required |
---|---|---|---|---|
environment | Used in the Environment tag. | string | n/a | yes |
product_domain | Abbreviation of the product domain the created resources belong to. | string | n/a | yes |
region | The region from which this module will be executed. | string | "ap-southeast-1" | no |
role_assume_policy | IAM policy document (the role's trust policy) in JSON format that grants an entity permission to assume the role. | string | n/a | yes |
role_description | The description of the role. | string | n/a | yes |
role_force_detach_policies | Force-detach any policies attached to the role before destroying it. | bool | false | no |
role_max_session_duration | The maximum session duration, in seconds, for the role. Valid values are from 1 hour (3600) to 12 hours (43200); if not specified, the default maximum of one hour applies. | number | 3600 | no |
role_name | The name of the role. Changing it forces a new resource. | string | n/a | yes |
role_path | The path to the role. See https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html for more information. | string | "/" | no |
role_permission_boundary | ARN of the IAM policy to use as the role's permissions boundary, i.e. the maximum permissions the role can have regardless of the policies attached to it. An empty string means no boundary is set. | string | "" | no |
role_tags | Additional tags to put on the IAM role. | map(string) | {} | no |
Outputs:

Name | Description |
---|---|
aws_account_id | The AWS Account ID number of the account that owns or contains the calling entity. |
aws_caller_arn | The AWS ARN associated with the calling entity. |
aws_caller_user_id | The unique identifier of the calling entity. |
role_arn | The Amazon Resource Name (ARN) specifying the role. |
role_create_date | The creation date of the IAM role. |
role_description | The description of the role. |
role_name | The name of the role. |
role_unique_id | The stable and unique string identifying the role. |
Apache 2 Licensed. See LICENSE for full details.