-
Notifications
You must be signed in to change notification settings - Fork 0
/
variables.tf
57 lines (48 loc) · 2.24 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
variable "role_name" {
description = "The name of the IAM role to create. If nothing is passed, the default name of 'AWSGithubActionsRunner' is used"
type = string
default = "AWSGithubActionsRunner"
}
variable "role_path" {
description = "Path to the IAM role if not using the root (default) path. Defaults to '/'"
type = string
default = "/"
}
variable "repository_name" {
description = "The repository name in the format of <repoorg/reponame> to grant access to the IAM role. For example, for adhoc repos it would be adhocteam/my-amazing-repository. Required if custom_repository_identifiers is not set."
type = string
default = ""
}
variable "repository_access_type" {
description = "Level of access to grant the repository. Set to 'branch' to grant access to only one branch or 'all' to grant access to all branches. Defaults to 'all'"
type = string
default = "all"
}
variable "repository_access_branch" {
description = "The branch name that is allowed to use the IAM role. Required if repository_access_type is set to 'branch'."
type = string
default = ""
}
variable "custom_repository_identifiers" {
description = "List of custom repository identifiers to attach to the assume role policy instead. For advanced users. This overwrties the repository variables. The list must contain full 'repo:' line instead of the short name. Can accept multiple lines for multiple repositories and/or branch rules."
type = list(string)
default = null
}
variable "preset_permission_level" {
description = "Preset permission level to attach to the IAM role. Can be either 'FullAdministrator', 'PowerUserWithIAM', 'PowerUser', or 'None'. Defaults to 'None'"
type = string
default = "None"
}
variable "extra_iam_policies" {
description = "Optional list of IAM policy JSON encoded strings to attach as inline role policies to the new role. When creating multiple policies, the policy name must not overlap."
type = list(object({
policy_name = string
policy_object = string
}))
default = []
}
variable "extra_iam_policy_attachments" {
description = "Optional list of IAM policy ARNs to attach to the role."
type = list(string)
default = []
}