
Added initial implementation of Managed Policy module
rdunn-Hypr committed Jul 7, 2021
1 parent 468857e commit 1fca07c
Showing 4 changed files with 115 additions and 0 deletions.
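--- a/managed-policy/main.tf
+++ b/managed-policy/main.tf
@@ -0,0 +1,31 @@
+data "aws_iam_role" "selected" {
+count = var.create_role ? 0 : 1
+
+name = var.role_name
+}
+
+resource "aws_iam_role" "this" {
+count = var.create_role ? 1 : 0
+
+name = var.role_name
+description = var.role_description
+
+assume_role_policy = var.assume_role_policy_json
+max_session_duration = var.role_max_session_duration
+
+tags = var.tags
+}
+
+
+module "policy" {
+source = "../resources/policy"
+policy_name = var.policy_name
+policy_description = var.policy_description
+policy_document = var.policy_document_json
+}
+
+resource "aws_iam_role_policy_attachment" "this" {
+role = var.create_role ? aws_iam_role.this[0].name : var.role_name
+policy_arn = module.policy.policy_arn
+}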
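Review bot: The attachment's `role = var.create_role ? aws_iam_role.this[0].name : var.role_name` bypasses the `aws_iam_role.selected` data source that the same condition creates, so when `create_role = false` a misspelled or non-existent role name is only discovered when the attachment fails at apply time, and the data source is left feeding nothing but the `role_arn` output. Reading the name back from the data source makes the lookup fail during plan and ties the attachment to the verified role: `role = var.create_role ? aws_iam_role.this[0].name : data.aws_iam_role.selected[0].name`. It would also help a reader to have a one-line comment above `resource "aws_iam_role" "this"` saying that `assume_role_policy` is the trust policy of the new role and must be supplied by the caller whenever `create_role` is true, since nothing in this file makes that dependency visible.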

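--- a/managed-policy/ouputs.tf
+++ b/managed-policy/ouputs.tf
@@ -0,0 +1,23 @@
+output "policy_name" {
+description = "The name of the policy created"
+value = module.policy.policy_name
+}
+
+
+output "policy_arn" {
+description = "The name of the policy created"
+value = module.policy.policy_arn
+}
+
+output "role_name" {
+description = "The name of the role created"
+value = var.role_name
+}
+
+output "role_arn" {
+value = var.create_role ? aws_iam_role.this[0].arn : data.aws_iam_role.selected[0].arn
+}
+
+output "is_new_role" {
+value = var.create_role ? true : false
+}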
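Review bot: The description on `output "policy_arn"` is a copy of the one on `policy_name` — `"The name of the policy created"` — and should read `description = "The ARN of the policy created"`; `role_arn` and `is_new_role` carry no description at all, and since a module's outputs are its documented interface each should state what it returns (for example `description = "ARN of the role the policy is attached to, whether created here or looked up"`). `value = var.create_role ? true : false` is just `value = var.create_role`. The file name `ouputs.tf` is also missing a `t`; Terraform loads any `.tf` file regardless, but readers and tooling expect `outputs.tf`.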
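--- a/managed-policy/vars.tf
+++ b/managed-policy/vars.tf
@@ -0,0 +1,51 @@
+variable "create_role" {
+type = bool
+description = "Controls if the role should be created or should reference an already existing role."
+default = true
+}
+
+variable "role_name" {
+type = string
+description = "The role name to bind the policy to."
+}
+
+variable "role_description" {
+type = string
+description = "The description for the role. Only used if `create_role` is `true`."
+default = ""
+}
+
+variable "assume_role_policy_json" {
+type = string
+description = "The assume role Json policy. Only used if `create_role` is `true`."
+default = ""
+}
+
+variable "role_max_session_duration" {
+type = number
+description = "Maximum session duration (in seconds) that you want to set for the specified role. Only used if `create_role` is `true`."
+default = 3600
+}
+
+variable "policy_name" {
+description = "The name of the policy to create"
+}
+
+variable "policy_description" {
+description = "A description of the policy"
+default = ""
+}
+
+variable "policy_document_json" {
+description = "JSON policy document"
+}
+
+
+
+variable "tags" {
+description = "Additional tags to add to IAM Role Resource."
+type = map(any)
+default = {}
+}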
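Review bot: `assume_role_policy_json` defaults to `""`, yet with `create_role` defaulting to `true` that empty string becomes the trust policy of the new role, so a caller who forgets it gets a provider-side rejection of an empty policy document at apply time instead of a clear error at plan time; the trust policy decides who may assume the role, so it should not silently default. With `required_version = ">= 0.12.31"` in this commit a `validation` block is not available (custom variable validation became stable in Terraform 0.13), so the least-invasive fix is to drop the `default = ""` line so Terraform requires the value, and to extend the description to `"The assume role (trust) policy JSON. Required when `create_role` is `true`; ignored otherwise."`. Separately, `policy_name` and `policy_document_json` declare no `type` and would benefit from `type = string`, and `tags` is declared `map(any)` where `map(string)` matches what the provider's `tags` argument accepts and rejects non-string values at plan time.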


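--- a/managed-policy/versions.tf
+++ b/managed-policy/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+required_version = ">= 0.12.31"
+
+required_providers {
+aws = {
+source : "hashicorp/aws",
+version : ">= 3.38.0"
+}
+}
+}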
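Review bot: The `aws` provider entry is written in the JSON-style object form — `source : "hashicorp/aws",` and `version : ">= 3.38.0"` with colons and a trailing comma — while every other file in this commit uses `=` assignments; HCL accepts both, but `source = "hashicorp/aws"` and `version = ">= 3.38.0"` would read consistently with the rest of the module. `>= 3.38.0` also sets no upper bound, so a future major release of the provider can change how these IAM resources behave under an otherwise unchanged module; if the team pins providers per module, `version = "~> 3.38"` keeps it within the 3.x line. I have not verified that Terraform 0.12.31 honours the `source` attribute in this object form, so if the module is really expected to run on 0.12 that combination is worth a quick check.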

0 comments on commit 1fca07c
