AWS IAM External Role
Terraform module for describing an IAM role responsible for delegating cross-account access.
These types of resources are supported:
Usage
```hcl
module "example" {
  source      = "git::https://gitlab.com/infraprints/modules/aws/iam-external-role"
  name        = "infraprints-iam-external-role"
  external_id = "TXAiS9rfgQghzWW2"
  role_arn    = ["${aws_iam_role.default.arn}"]
  count       = "1"
}

# Principal that will be allowed to assume the external role above.
resource "aws_iam_role" "default" {
  name = "infraprints-ec2-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow"
    }
  ]
}
EOF
}
```
Examples
Notes
- The `count` property is required as a constant as a workaround to a Terraform issue.
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| count | The number of principal entities. | string | n/a | yes |
| description | The description of the role. | string | "" | no |
| external_id | The external ID set on the role. | string | "" | no |
| force_detach_policies | Whether to force detaching any policies the role has before destroying it (the `aws_iam_role` resource defaults to false; this module defaults to true). | string | "true" | no |
| max_session_duration | The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | string | "3600" | no |
| name | The name of the role. | string | n/a | yes |
| path | The path to the role. See IAM Identifiers for more information. | string | "/external/" | no |
| permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the role. | string | "" | no |
| role_arn | The list of principal entities that are allowed to assume the role. | list | n/a | yes |
| tags | Key-value mapping of tags for the IAM role. | map | <map> | no |
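To show what the `external_id` and `role_arn` inputs translate into, here is an added Python example (not part of this module's code) that builds the trust policy a cross-account role of this kind needs and audits a trust policy for foreign principals that may assume the role without presenting an external ID. The account IDs are constructed sample values; the policy layout is a reconstruction, not the module's own template.

```python
import json


def build_trust_policy(principal_arns, external_id=""):
    """Build the assume-role (trust) policy for a cross-account role.

    Each entry of `role_arn` becomes an AWS principal; a non-empty
    `external_id` adds the sts:ExternalId condition that guards against
    the confused-deputy problem. Hypothetical reconstruction of the module.
    """
    statement = {
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Principal": {"AWS": list(principal_arns)},
    }
    if external_id:
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def unguarded_principals(policy, own_account):
    """Return AWS principals from outside `own_account` that can assume the
    role without an sts:ExternalId condition. Accepts a dict or JSON text."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principals = stmt.get("Principal", {}).get("AWS", [])
        principals = [principals] if isinstance(principals, str) else principals
        # Condition values are dicts such as {"sts:ExternalId": "..."}.
        has_ext_id = any("sts:ExternalId" in v for v in stmt.get("Condition", {}).values())
        for p in principals:
            foreign = p == "*" or (":" + own_account + ":") not in p
            if foreign and not has_ext_id:
                findings.append(p)
    return findings


if __name__ == "__main__":
    # Constructed sample: partner account 111122223333 assuming a role in 999999999999.
    policy = build_trust_policy(["arn:aws:iam::111122223333:root"], "TXAiS9rfgQghzWW2")
    print(json.dumps(policy, indent=2))
    print("unguarded:", unguarded_principals(policy, "999999999999"))
```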
Outputs
| Name | Description |
|---|---|
| arn | The Amazon Resource Name (ARN) specifying the role. |
| create_date | The creation date of the IAM role. |
| unique_id | The stable and unique string identifying the role. |