Merge pull request #2 from jarden-digital/feature/JSONpolicy

Thanks @shikhaFNZC
hyprnz · Mar 30, 2021 · 9879f45 · 9879f45
2 parents 01a1973 + 76a54f4
commit 9879f45
Show file tree

Hide file tree

Showing 19 changed files with 306 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -8,6 +8,7 @@ These include
 * [Policy to Group](./policy-to-group/README.md) - Creates an IAM policy and group and created the attachment between them.
 * [Policy to Role](./policy-to-role/README.md) - Creates an IAM policy and attaches it with an existing Role.
 * [User to Group](./user-to-group/README.md) - Creates an IAM user and adds user to a list of groups.
+* [Managed Role](./managed-role/README.md) - Creates an IAM role and attaches the policy to it.
 
 ## ADR's
 

diff --git a/examples/managed_role/.gitignore b/examples/managed_role/.gitignore
@@ -0,0 +1 @@
+terraform.tfvars
diff --git a/examples/managed_role/main.tf b/examples/managed_role/main.tf
@@ -0,0 +1,16 @@
+module "example" {
+  source = "../../managed-role"
+
+  providers = {
+    aws = aws
+  }
+  policy_name                 = var.policy_name
+  policy_description          = var.policy_description
+  policy_document             = jsonencode(var.policy_document)
+  role_name                   = var.role_name
+  assume_role_policy_document = jsonencode(var.assume_role_policy_document) 
+  tags                        = var.tags
+}
+provider "aws" {
+  region = var.region
+}
diff --git a/examples/managed_role/vars.tf b/examples/managed_role/vars.tf
@@ -0,0 +1,32 @@
+
+variable "region" {
+  type = string  
+  default = "ap-southeast-2"
+}
+
+variable "policy_name" {
+  description = "The name of the policy to create"
+}
+
+variable "policy_description" {
+  description = "A description of the policy"
+  default     = ""
+}
+
+variable "policy_document" {
+  description = "JSON policy document"
+}
+
+variable "assume_role_policy_document" {
+  description = "Json policy document"
+}
+
+variable "tags" {
+  description = "Additional tags to add to IAM Role Resource."
+  type        = map(any)
+  default     = {}
+}
+
+variable "role_name" {
+  description = "The name of the role"
+}
diff --git a/managed-role/README.md b/managed-role/README.md
@@ -0,0 +1,36 @@
+## Terraform Managed role module
+
+This module creates an IAM role and attaches the policy to it.. It uses role and policy modules to create the resources. Refer Resources section for more details.
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.26 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| assume\_role\_policy\_document | Json policy document | `any` | n/a | yes |
+| policy\_description | A description of the policy | `string` | `""` | no |
+| policy\_document | JSON policy document | `any` | n/a | yes |
+| policy\_name | The name of the policy to create | `any` | n/a | yes |
+| role\_name | The name of the role | `any` | n/a | yes |
+| tags | Additional tags to add to IAM Role Resource. | `map(any)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| policy\_arn | The arn of the policy created |
+| policy\_name | The name of the policy created |
+| role\_arn | The arn of the role created |
+| role\_name | The name of the role created |
+
diff --git a/managed-role/main.tf b/managed-role/main.tf
@@ -0,0 +1,20 @@
+module "role" {
+  source                      = "../resources/role"
+  role_name                   = var.role_name
+  assume_role_policy_document = var.assume_role_policy_document
+  tags                        = var.tags
+}
+
+
+module "policy" {
+  source             = "../resources/policy"
+  policy_name        = var.policy_name
+  policy_description = var.policy_description
+  policy_document    = var.policy_document
+}
+
+resource "aws_iam_role_policy_attachment" "this" {
+  role       = module.role.role_name
+  policy_arn = module.policy.policy_arn
+}
+
diff --git a/managed-role/outputs.tf b/managed-role/outputs.tf
@@ -0,0 +1,22 @@
+output "policy_name" {
+  description = "The name of the policy created"
+  value       = module.policy.policy_name
+}
+
+
+output "policy_arn" {
+  description = "The arn of the policy created"
+  value       = module.policy.policy_arn
+}
+
+
+output "role_arn" {
+  description = "The arn of the role created"
+  value       = module.role.role_arn
+}
+
+
+output "role_name" {
+  description = "The name of the role created"
+  value       = module.role.role_name
+}
diff --git a/managed-role/vars.tf b/managed-role/vars.tf
@@ -0,0 +1,28 @@
+variable "policy_name" {
+  description = "The name of the policy to create"
+}
+
+variable "policy_description" {
+  description = "A description of the policy"
+  default     = ""
+}
+
+variable "policy_document" {
+  description = "JSON policy document"
+}
+
+variable "assume_role_policy_document" {
+  description = "Json policy document"
+}
+
+variable "tags" {
+  description = "Additional tags to add to IAM Role Resource."
+  type        = map(any)
+  default     = {}
+}
+
+variable "role_name" {
+  description = "The name of the role"
+}
+
+
diff --git a/managed-role/versions.tf b/managed-role/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 0.12.26"
+
+  required_providers {
+    aws = {
+      source : "hashicorp/aws",
+      required_version : ">= 3.21.0"
+    }
+  }
+}
diff --git a/resources/policy/README.md b/resources/policy/README.md
@@ -0,0 +1,30 @@
+## Terraform Policy module
+
+This module creates an IAM Policy with the provided policy document.
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.26 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| policy\_description | A description of the policy | `string` | `""` | no |
+| policy\_document | JSON policy document | `any` | n/a | yes |
+| policy\_name | The name of the policy to create | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| policy\_arn | The name of the policy created |
+| policy\_name | The name of the policy created |
+
diff --git a/resources/policy/main.tf b/resources/policy/main.tf
@@ -0,0 +1,8 @@
+
+resource "aws_iam_policy" "this" {
+  name        = var.policy_name
+  description = var.policy_description
+  path        = "/"
+  policy      = var.policy_document
+}
+
diff --git a/resources/policy/outputs.tf b/resources/policy/outputs.tf
@@ -0,0 +1,10 @@
+output "policy_name" {
+  description = "The name of the policy created"
+  value       = aws_iam_policy.this.name
+}
+
+
+output "policy_arn" {
+  description = "The name of the policy created"
+  value       = aws_iam_policy.this.arn
+}
diff --git a/resources/policy/vars.tf b/resources/policy/vars.tf
@@ -0,0 +1,13 @@
+variable "policy_name" {
+  description = "The name of the policy to create"
+}
+
+variable "policy_description" {
+  description = "A description of the policy"
+  default     = ""
+}
+
+variable "policy_document" {
+  description = "JSON policy document"
+}
+
diff --git a/resources/policy/versions.tf b/resources/policy/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 0.12.26"
+
+  required_providers {
+    aws = {
+      source : "hashicorp/aws",
+      required_version : ">= 3.21.0"
+    }
+  }
+}
diff --git a/resources/role/README.md b/resources/role/README.md
@@ -0,0 +1,30 @@
+## Terraform Role module
+
+This module creates an IAM Role and attaches the provided assume role policy to the role.
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.26 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| assume\_role\_policy\_document | Json policy document | `any` | n/a | yes |
+| role\_name | The name of the role | `any` | n/a | yes |
+| tags | Additional tags to add to IAM Role Resource. | `map(any)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| role\_arn | The arn of the policy created |
+| role\_name | The arn of the policy created |
+
diff --git a/resources/role/main.tf b/resources/role/main.tf
@@ -0,0 +1,6 @@
+resource "aws_iam_role" "this" {
+  name               = var.role_name
+  assume_role_policy = var.assume_role_policy_document
+  tags               = var.tags
+}
+
diff --git a/resources/role/outputs.tf b/resources/role/outputs.tf
@@ -0,0 +1,10 @@
+output "role_arn" {
+  description = "The arn of the role created"
+  value       = aws_iam_role.this.arn
+}
+
+
+output "role_name" {
+  description = "The name of the role created"
+  value       = aws_iam_role.this.name
+}
diff --git a/resources/role/vars.tf b/resources/role/vars.tf
@@ -0,0 +1,13 @@
+variable "assume_role_policy_document" {
+  description = "Json policy document"
+}
+
+variable "tags" {
+  description = "Additional tags to add to IAM Role Resource."
+  type        = map(any)
+  default     = {}
+}
+
+variable "role_name" {
+  description = "The name of the role that needs to be created"
+}
diff --git a/resources/role/versions.tf b/resources/role/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 0.12.26"
+
+  required_providers {
+    aws = {
+      source : "hashicorp/aws",
+      required_version : ">= 3.21.0"
+    }
+  }
+}