Terraform module which creates IAM Role and IAM Policy resources on AWS.
Provision IAM Role and its own Customer Managed Policies. This module provides recommended settings.
- Use managed policies instead of inline policies
```hcl
module "iam_role" {
  source             = "git::https://github.com/tmknom/terraform-aws-iam-role.git?ref=tags/1.2.0"
  name               = "minimal"
  assume_role_policy = "${data.aws_iam_policy_document.assume_role_policy.json}"
  policy             = "${data.aws_iam_policy_document.policy.json}"
}

data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }

    actions = [
      "sts:AssumeRole",
    ]
  }
}

data "aws_iam_policy_document" "policy" {
  statement {
    effect = "Allow"

    actions = [
      "ec2:Describe*",
    ]

    resources = ["*"]
  }
}
```
```hcl
module "iam_role" {
  source                = "git::https://github.com/tmknom/terraform-aws-iam-role.git?ref=tags/1.2.0"
  name                  = "complete"
  assume_role_policy    = "${data.aws_iam_policy_document.assume_role_policy.json}"
  policy                = "${data.aws_iam_policy_document.policy.json}"
  path                  = "/ec2/"
  description           = "Describe EC2"
  max_session_duration  = 7200
  force_detach_policies = true
}

data "aws_iam_policy_document" "assume_role_policy" {
  # Omitted below.
}

data "aws_iam_policy_document" "policy" {
  # Omitted below.
}
```
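Terraform renders the two `aws_iam_policy_document` data sources into JSON before they reach the module's `assume_role_policy` and `policy` inputs. The script below is an added example, not part of this module: it reviews such rendered JSON for the settings the module recommends, a trust policy restricted to expected service principals and a permissions policy without wildcard actions or write access on every resource. The JSON documents are constructed here to match the minimal example; the `review_*` functions, the service allow-list and the read-only verb prefixes are assumptions of this example.

```python
import json

# Constructed JSON equivalents of the two aws_iam_policy_document data sources
# in the minimal example (this is what Terraform renders into the module inputs).
ASSUME_ROLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}]})
POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}]})


def _as_list(value):
    # IAM policy JSON allows either a single string or a list in most fields.
    return value if isinstance(value, list) else [value]


def review_trust_policy(doc, allowed_services):
    """Flag principals in an assume-role policy outside the expected service allow-list."""
    findings = []
    for stmt in json.loads(doc).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("trust policy allows any principal to assume the role")
            continue
        for ptype, ids in principal.items():
            for ident in _as_list(ids):
                if ptype != "Service" or ident not in allowed_services:
                    findings.append(f"unexpected principal {ptype}:{ident}")
    return findings


def review_permissions_policy(doc):
    """Flag wildcard actions and non-read-only actions granted on Resource '*'."""
    findings = []
    for stmt in json.loads(doc).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            verb = action.split(":", 1)[-1]  # "ec2:Describe*" -> "Describe*"
            if action == "*" or verb == "*":
                findings.append(f"wildcard action {action}")
            elif not verb.startswith(("Describe", "Get", "List")) and "*" in resources:
                findings.append(f"{action} allowed on every resource")
    return findings
```

Running both functions over the minimal example's documents returns no findings; feeding them the JSON of a broader policy (a `*` principal, `ec2:*`, or a write action on `Resource: "*"`) returns one finding per offending entry.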
Name | Description | Type | Default | Required |
---|---|---|---|---|
assume_role_policy | The policy that grants an entity permission to assume the role. | string | - | yes |
name | The name of the role. If omitted, Terraform will assign a random, unique name. | string | - | yes |
policy | The policy document. This is a JSON formatted string. | string | - | yes |
description | The description of the role and the policy. | string | Managed by Terraform | no |
force_detach_policies | Specifies to force detaching any policies the role has before destroying it. | string | false | no |
max_session_duration | The maximum session duration (in seconds) that you want to set for the specified role. | string | 3600 | no |
path | Path in which to create the role and the policy. | string | / | no |
Name | Description |
---|---|
iam_policy_arn | The ARN assigned by AWS to this policy. |
iam_policy_description | The description of the policy. |
iam_policy_document | The policy document. |
iam_policy_id | The policy's ID. |
iam_policy_name | The name of the policy. |
iam_policy_path | The path of the policy in IAM. |
iam_role_arn | The Amazon Resource Name (ARN) specifying the role. |
iam_role_create_date | The creation date of the IAM role. |
iam_role_description | The description of the role. |
iam_role_name | The name of the role. |
iam_role_unique_id | The stable and unique string identifying the role. |
```shell
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AWS_DEFAULT_REGION=ap-northeast-1
```

```shell
git clone [email protected]:tmknom/terraform-aws-iam-role.git
cd terraform-aws-iam-role
make install
```
```text
check-format                Check format code
cibuild                     Execute CI build
clean                       Clean .terraform
docs                        Generate docs
format                      Format code
help                        Show help
install                     Install requirements
lint                        Lint code
release                     Release GitHub and Terraform Module Registry
terraform-apply-complete    Run terraform apply examples/complete
terraform-apply-minimal     Run terraform apply examples/minimal
terraform-destroy-complete  Run terraform destroy examples/complete
terraform-destroy-minimal   Run terraform destroy examples/minimal
terraform-plan-complete     Run terraform plan examples/complete
terraform-plan-minimal      Run terraform plan examples/minimal
upgrade                     Upgrade makefile
```

Bump the VERSION file, and run `make release`.
Apache 2 Licensed. See LICENSE for full details.