Skip to content

Releases: sudoblark/sudoblark.terraform.module.aws.iam_role

Initial module setup

14 Sep 10:50
@benjaminlukeclark benjaminlukeclark
1.0.0
d186c04
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Initial module setup Latest
Latest

Description

The initial release of the event bridge rules module.

Changelog available here.

TL; DR

A new terraform module to allow creation of n iam roles with customised, easy to define, iam policy statements and multiple assume role principals.

NEW

  • For each dictionary provided, this module:
    • Creates an IAM role
    • For each dictionary in iam_policy_statements:
      • Creates a new IAM policy and associates it with the IAM role
    • For each dictionary in assume_policy_principles:
      • Allows the associated principle(s) to assume the role

Please see examples folder for example instantiation of module with two different roles, both with and without assume policy principles.

SUPPORTED MODULE DATA STRUCTURE

Data structure
---------------
A list of dictionaries, where each dictionary has the following attributes:

REQUIRED
---------
- suffix                : Suffix to use for the role name
- iam_policy_statements : A list of dictionaries where each dictionary is an IAM statement defining permissions
-- Each dictionary in this list must define the following attributes:
--- sid: Friendly name for the policy, no spaces or special characters allowed
--- actions: A list of IAM actions the role is allowed to perform
--- resources: Which resource(s) the role may perform the above actions against
--- conditions    : An OPTIONAL list of dictionaries, which each defines:
---- test         : Test condition for limiting the action
---- variable     : Value to test
---- values       : A list of strings, denoting what to test for

OPTIONAL
---------
- path                  : Path to create the role and policies under, defaults to "/"

- assume_policy_principles : A list of dictionaries where each dictionary defines a principle allowed to assume the role.
-- Each dictionary in this list must define the following attributes:
--- type          : A string defining what type the principle(s) is/are
--- identifiers   : A list of strings, where each string is an allowed principle
--- conditions    : An OPTIONAL list of dictionaries, which each defines:
---- test         : Test condition for limiting the action
---- variable     : Value to test
---- values       : A list of strings, denoting what to test for


Constraints
---------------
- <var.environment>-<var.application_name>-<suffix> has
to be lower than 38 characters due to IAM role naming requirements. Cannot encode in variable validation as
string interpolations are not allowed in variables.

FEEDBACK

Submit suggestions for improvements to [email protected].

Assets 2
Loading