Terraform module which creates IAM Role and IAM Policy resources on AWS.
Provision IAM Role and its own Customer Managed Policies. This module provides recommended settings.
- Use managed policies instead of inline policies
module "iam_role" {
source = "git::https://github.com/tmknom/terraform-aws-iam-role.git?ref=tags/2.0.0"
name = "minimal"
assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
policy = data.aws_iam_policy_document.policy.json
}
data "aws_iam_policy_document" "assume_role_policy" {
statement {
effect = "Allow"
principals {
type = "Service"
identifiers = ["ec2.amazonaws.com"]
}
actions = [
"sts:AssumeRole",
]
}
}
data "aws_iam_policy_document" "policy" {
statement {
effect = "Allow"
actions = [
"ec2:Describe*",
]
resources = ["*"]
}
}module "iam_role" {
source = "git::https://github.com/tmknom/terraform-aws-iam-role.git?ref=tags/2.0.0"
name = "complete"
assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
policy = data.aws_iam_policy_document.policy.json
path = "/ec2/"
description = "Describe EC2"
max_session_duration = 7200
force_detach_policies = true
}
data "aws_iam_policy_document" "assume_role_policy" {
# Omitted below.
}
data "aws_iam_policy_document" "policy" {
# Omitted below.
}| Name | Version |
|---|---|
| terraform | >= 0.12 |
| Name | Version |
|---|---|
| aws | n/a |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| assume_role_policy | The policy that grants an entity permission to assume the role. | string |
n/a | yes |
| name | The name of the role. If omitted, Terraform will assign a random, unique name. | string |
n/a | yes |
| policy | The policy document. This is a JSON formatted string. | string |
n/a | yes |
| description | The description of the role and the policy. | string |
"Managed by Terraform" |
no |
| force_detach_policies | Specifies to force detaching any policies the role has before destroying it. | bool |
false |
no |
| max_session_duration | The maximum session duration (in seconds) that you want to set for the specified role. | string |
"3600" |
no |
| path | Path in which to create the role and the policy. | string |
"/" |
no |
| Name | Description |
|---|---|
| iam_policy_arn | The ARN assigned by AWS to this policy. |
| iam_policy_description | The description of the policy. |
| iam_policy_document | The policy document. |
| iam_policy_id | The policy's ID. |
| iam_policy_name | The name of the policy. |
| iam_policy_path | The path of the policy in IAM. |
| iam_role_arn | The Amazon Resource Name (ARN) specifying the role. |
| iam_role_create_date | The creation date of the IAM role. |
| iam_role_description | The description of the role. |
| iam_role_name | The name of the role. |
| iam_role_unique_id | The stable and unique string identifying the role. |
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AWS_DEFAULT_REGION=ap-northeast-1git clone [email protected]:tmknom/terraform-aws-iam-role.git
cd terraform-aws-iam-role
make installapply-complete Run terraform apply examples/complete
apply-minimal Run terraform apply examples/minimal
bump-version Bump version (Required argument 'VERSION')
check-format Check format code
clean Clean .terraform
destroy-complete Run terraform destroy examples/complete
destroy-minimal Run terraform destroy examples/minimal
diff Word diff
docs Generate docs
format Format code
help Show help
install Install requirements
lint Lint code
plan-complete Run terraform plan examples/complete
plan-minimal Run terraform plan examples/minimal
release Release GitHub and Terraform Module Registry
upgrade Upgrade makefile
Bump VERSION file, and run make release.
Apache 2 Licensed. See LICENSE for full details.