Terraform module to create AWS IAM Role. Currently supported types of roles are:
This module will only create an IAM Role and its Trust Relationships policy document. You need to attach your own Permission policy document outside the module.
To use a particular type of supported role, go into the `modules` folder and read the `README.md` in each subfolder for more detailed information.
To better understand how to implement this module, go into the `examples` folder and try them.
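A usage sketch for the note above that the permission policy is attached outside the module (an added example, not taken from this repository). The `source` value is a placeholder, and the role name, tag values, bucket ARN and policy name are constructed; the input and output names are the ones listed in the tables below.

```hcl
# Trust policy: only the EC2 service principal may assume the role.
data "aws_iam_policy_document" "assume" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

module "app_role" {
  # Placeholder: replace with the real path or registry address of this module.
  source = "<PATH-OR-REGISTRY-ADDRESS-OF-THIS-MODULE>"

  role_name          = "example-app-role" # constructed value
  role_description   = "Example role assumed by EC2 instances"
  role_assume_policy = data.aws_iam_policy_document.assume.json
  environment        = "staging" # constructed value
  product_domain     = "exm"     # constructed value

  # Keep sessions at the one-hour default rather than raising the ceiling.
  role_max_session_duration = 3600
}

# The module creates no permissions: scope them here, as narrowly as possible.
data "aws_iam_policy_document" "permissions" {
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-bucket/*"] # constructed ARN
  }
}

# Inline policy attached to the role through the module's role_name output.
resource "aws_iam_role_policy" "app" {
  name   = "example-read-objects" # constructed value
  role   = module.app_role.role_name
  policy = data.aws_iam_policy_document.permissions.json
}
```

Until a permission policy is attached, the role can be assumed by the trusted principal but grants no access.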
To run the test:
```
gem install bundler
bundle install
bundle exec kitchen test
```
This module was created using Terraform 0.11.4. The latest stable version of Terraform with which this module has been tested and found working is Terraform 1.0.8, on 30/09/2021.
Name | Version |
---|---|
terraform | >= 0.13 |
Name | Version |
---|---|
aws | n/a |
No modules.
Name | Type |
---|---|
aws_iam_role.this | resource |
aws_caller_identity.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
environment | Will be used in Environment tag | string | n/a | yes |
product_domain | Abbreviation of the product domain the created resources belong to | string | n/a | yes |
region | The region from which this module will be executed | string | "ap-southeast-1" | no |
role_assume_policy | IAM policy document that grants an entity permission to assume the role in JSON format. | string | n/a | yes |
role_description | The description of the role. | string | n/a | yes |
role_force_detach_policies | Specifies to force detaching any policies the role has before destroying it. | bool | false | no |
role_max_session_duration | The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | number | 3600 | no |
role_name | The name of the role. Changing it forces a new resource. | string | n/a | yes |
role_path | The path to the role. See https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html for more information. | string | "/" | no |
role_permission_boundary | IAM policy ARN limiting the maximum access this role can have | string | "" | no |
role_tags | Additional tags to be put on the IAM role | map(string) | {} | no |
Name | Description |
---|---|
aws_account_id | The AWS Account ID number of the account that owns or contains the calling entity. |
aws_caller_arn | The AWS ARN associated with the calling entity. |
aws_caller_user_id | The unique identifier of the calling entity. |
role_arn | The Amazon Resource Name (ARN) specifying the role. |
role_create_date | The creation date of the IAM role. |
role_description | The description of the role. |
role_name | The name of the role. |
role_unique_id | The stable and unique string identifying the role. |
Apache 2 Licensed. See LICENSE for full details.