github.com/pbs/terraform-aws-iam-role-module?ref=0.2.5
More information can be found on these install methods and more in the documentation here.
This module provisions an IAM role.
It is assumed that this role will be used by an AWS service. As such, the optional `aws_services` parameter is frequently used. This parameter populates the trust relationship that allows AWS services to assume the role.
It is recommended that you use the `aws_iam_policy_document` data source to generate the JSON string passed into `policy_json`. This ensures that changes to your policy are detected and rendered correctly on plans and applies.
The exception to this recommendation is when some complex logic is involved in resolving a dynamic policy. In this case, it can be advantageous to use the `jsonencode` function to encode the Terraform dictionary as a JSON string.
Integrate this module like so:
```hcl
module "role" {
  source = "github.com/pbs/terraform-aws-iam-role-module?ref=0.2.5"

  policy_json = data.aws_iam_policy_document.policy_document.json

  # Tagging Parameters
  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo

  # Optional Parameters
  aws_services = ["lambda"]
}
```
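The integration snippet passes a `data.aws_iam_policy_document` result into `policy_json` without showing one. The following is an added example, not code from the module's repository, that scopes each statement to explicit resources and sets the module's `permissions_boundary_arn` input. The module label, data source name, bucket, log group, account ID and boundary policy ARN are constructed placeholders.

```hcl
# Added example. All ARNs, names and the account ID are constructed placeholders.
variable "organization" { type = string }
variable "environment" { type = string }
variable "product" { type = string }
variable "repo" { type = string }

# Permissions granted to the role: specific actions on specific resources,
# rather than wildcard actions or "*" resources.
data "aws_iam_policy_document" "lambda_permissions" {
  statement {
    sid       = "ReadInputObjects"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-input-bucket/*"]
  }

  statement {
    sid    = "WriteOwnLogs"
    effect = "Allow"
    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]
    resources = [
      "arn:aws:logs:us-east-1:111111111111:log-group:/aws/lambda/example-function:*",
    ]
  }
}

module "lambda_role" {
  source = "github.com/pbs/terraform-aws-iam-role-module?ref=0.2.5"

  # Rendered by the data source, so policy changes show up in plan output.
  policy_json = data.aws_iam_policy_document.lambda_permissions.json

  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo

  # Only the Lambda service is placed in the trust relationship.
  aws_services = ["lambda"]

  # Caps the role's effective permissions even if policy_json is later widened.
  permissions_boundary_arn = "arn:aws:iam::111111111111:policy/example-boundary"
}
```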
If this repo is added as a subtree, then the version of the module should be close to the version shown here:
0.2.5
Note, however, that subtrees can be altered as desired within repositories.
Further documentation on usage can be found here.
Below is automatically generated documentation on this Terraform module using terraform-docs.
Name | Version |
---|---|
terraform | >= 1.3.2 |
aws | >= 4.5.0 |
Name | Version |
---|---|
aws | 5.27.0 |
No modules.
Name | Type |
---|---|
aws_iam_instance_profile.instance_profile | resource |
aws_iam_policy.policy | resource |
aws_iam_role.role | resource |
aws_iam_role_policy_attachment.policy_attachment | resource |
aws_default_tags.common_tags | data source |
aws_iam_policy_document.assume_role_policy | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
environment | Environment (sharedtools, dev, staging, qa, prod) | string | n/a | yes |
organization | Organization using this module. Used to prefix tags so that they are easily identified as being from your organization | string | n/a | yes |
policy_json | Policy document providing permissions on this role | string | n/a | yes |
product | Tag used to group resources according to product | string | n/a | yes |
repo | Tag used to point to the repo using this module | string | n/a | yes |
assume_role_policy | JSON string of the assume role policy. If null, assumes that aws_services have been provided. | string | null | no |
aws_services | AWS services that will be assuming this role. e.g. [lambda, edgelambda] | set(string) | [] | no |
create_instance_profile | Create an instance profile for this role | bool | false | no |
name | Name of the IAM role. If use_prefix is true, this will be the prefix of the role name. If null, will default to product value. | string | null | no |
path | Path to the role | string | null | no |
permissions_boundary_arn | ARN of the permissions boundary to use for this role | string | null | no |
tags | Extra tags | map(string) | {} | no |
use_prefix | Use prefix instead of explicit name | bool | true | no |
Name | Description |
---|---|
arn | ARN of the IAM role |
name | Name of the IAM role |