Added initial implementation of Managed Policy module
1 parent
468857e
commit 1fca07c
Showing
4 changed files
with
115 additions
and
0 deletions.
@@ -0,0 +1,31 @@ | ||
data "aws_iam_role" "selected" { | ||
count = var.create_role ? 0 : 1 | ||
|
||
name = var.role_name | ||
} | ||
|
||
resource "aws_iam_role" "this" { | ||
count = var.create_role ? 1 : 0 | ||
|
||
name = var.role_name | ||
description = var.role_description | ||
|
||
assume_role_policy = var.assume_role_policy_json | ||
max_session_duration = var.role_max_session_duration | ||
|
||
tags = var.tags | ||
} | ||
|
||
|
||
module "policy" { | ||
source = "../resources/policy" | ||
policy_name = var.policy_name | ||
policy_description = var.policy_description | ||
policy_document = var.policy_document_json | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "this" { | ||
role = var.create_role ? aws_iam_role.this[0].name : var.role_name | ||
policy_arn = module.policy.policy_arn | ||
} | ||
|
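Review bot: In `aws_iam_role_policy_attachment.this` the existing-role branch binds to `var.role_name` rather than to the data source that was declared for exactly that case, so Terraform gets no dependency edge between the lookup and the attachment and the `data.aws_iam_role.selected` block ends up used only by the `role_arn` output. Referencing the lookup, `role = var.create_role ? aws_iam_role.this[0].name : data.aws_iam_role.selected[0].name`, makes a missing or misspelled role fail at the lookup instead of at the attachment and keeps the two code paths symmetric. Separately, `assume_role_policy` is passed straight through from `var.assume_role_policy_json`; since the trust policy decides who may assume the role, a comment such as `# trust policy is caller-supplied; no default is safe here` on that line would make the contract explicit to readers of this file.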
@@ -0,0 +1,23 @@ | ||
output "policy_name" { | ||
description = "The name of the policy created" | ||
value = module.policy.policy_name | ||
} | ||
|
||
|
||
output "policy_arn" { | ||
description = "The name of the policy created" | ||
value = module.policy.policy_arn | ||
} | ||
|
||
output "role_name" { | ||
description = "The name of the role created" | ||
value = var.role_name | ||
} | ||
|
||
output "role_arn" { | ||
value = var.create_role ? aws_iam_role.this[0].arn : data.aws_iam_role.selected[0].arn | ||
} | ||
|
||
output "is_new_role" { | ||
value = var.create_role ? true : false | ||
} |
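Review bot: The `policy_arn` output carries a copy-pasted description, "The name of the policy created", although its value is `module.policy.policy_arn`; it should read `description = "The ARN of the policy created"`. The `role_arn` and `is_new_role` outputs have no description at all, which leaves them undocumented in generated module docs; `description = "ARN of the role, whether created here or looked up"` and `description = "True when the role was created by this module"` would cover them. `var.create_role ? true : false` is redundant since the variable is already typed `bool`, so `value = var.create_role` is equivalent and clearer.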
@@ -0,0 +1,51 @@ | ||
variable "create_role" { | ||
type = bool | ||
description = "Controls if the role should be created or should reference an already existing role." | ||
default = true | ||
} | ||
|
||
variable "role_name" { | ||
type = string | ||
description = "The role name to bind the policy to." | ||
} | ||
|
||
variable "role_description" { | ||
type = string | ||
description = "The description for the role. Only used if `create_role` is `true`." | ||
default = "" | ||
} | ||
|
||
variable "assume_role_policy_json" { | ||
type = string | ||
description = "The assume role Json policy. Only used if `create_role` is `true`." | ||
default = "" | ||
} | ||
|
||
variable "role_max_session_duration" { | ||
type = number | ||
description = "Maximum session duration (in seconds) that you want to set for the specified role. Only used if `create_role` is `true`." | ||
default = 3600 | ||
} | ||
|
||
variable "policy_name" { | ||
description = "The name of the policy to create" | ||
} | ||
|
||
variable "policy_description" { | ||
description = "A description of the policy" | ||
default = "" | ||
} | ||
|
||
variable "policy_document_json" { | ||
description = "JSON policy document" | ||
} | ||
|
||
|
||
|
||
variable "tags" { | ||
description = "Additional tags to add to IAM Role Resource." | ||
type = map(any) | ||
default = {} | ||
} | ||
|
||
|
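Review bot: `assume_role_policy_json` defaults to `""`, which is not a valid policy document, so a caller that sets `create_role = true` and forgets the trust policy only discovers it when the AWS API rejects the role; because this input is what determines which principals may assume the role, it is better left without a default so Terraform requires it at plan time, with the description noting that it must be supplied when `create_role` is `true`. If a default must remain for the `create_role = false` case, a `validation` block checking `var.create_role == false || var.assume_role_policy_json != ""` gives the same early failure. `policy_name`, `policy_description` and `policy_document_json` also lack a `type`; `type = string` on each matches the rest of the file.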
@@ -0,0 +1,10 @@ | ||
terraform { | ||
required_version = ">= 0.12.31" | ||
|
||
required_providers { | ||
aws = { | ||
source : "hashicorp/aws", | ||
version : ">= 3.38.0" | ||
} | ||
} | ||
} |
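Review bot: The `required_providers` entry uses the JSON-style `source : "hashicorp/aws",` / `version : ">= 3.38.0"` form, which HCL accepts but which differs from the `key = value` attribute syntax used everywhere else in this commit. Writing it as `source  = "hashicorp/aws"` and `version = ">= 3.38.0"` keeps the files consistent and is what `terraform fmt` and the provider documentation produce.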