{"id":15661143,"url":"https://github.com/cytopia/terraform-aws-iam","last_synced_at":"2025-10-19T20:39:54.772Z","repository":{"id":53100195,"uuid":"165872535","full_name":"cytopia/terraform-aws-iam","owner":"cytopia","description":"This Terraform module manages AWS IAM to its full extend.","archived":false,"fork":false,"pushed_at":"2024-04-08T13:39:23.000Z","size":179,"stargazers_count":20,"open_issues_count":3,"forks_count":16,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-08-21T01:25:19.392Z","etag":null,"topics":["aws","iam","iam-permissions","iam-policy","iam-role","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cytopia.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-15T15:12:27.000Z","updated_at":"2024-12-05T10:31:33.000Z","dependencies_parsed_at":"2024-10-23T07:18:27.535Z","dependency_job_id":"26463a73-cb14-449e-9baa-facdf7b11dce","html_url":"https://github.com/cytopia/terraform-aws-iam","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/cytopia/terraform-aws-iam","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cytopia%2Fterraform-aws-iam","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cytopia%2Fterraform-aws-iam/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cytopia%2Fterraform-aws-iam/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHu
b/repositories/cytopia%2Fterraform-aws-iam/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cytopia","download_url":"https://codeload.github.com/cytopia/terraform-aws-iam/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cytopia%2Fterraform-aws-iam/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279904002,"owners_count":26241844,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-19T02:00:07.647Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","iam","iam-permissions","iam-policy","iam-role","terraform","terraform-module"],"created_at":"2024-10-03T13:26:06.794Z","updated_at":"2025-10-19T20:39:54.738Z","avatar_url":"https://github.com/cytopia.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform module: AWS IAM\n\n**[Features](#star-features)** |\n**[Important](#exclamation-important)** |\n**[Examples](#bulb-examples)** |\n**[Usage](#computer-usage)** |\n**[Inputs](#required-inputs)** |\n**[Outputs](#outputs)** |\n**[Related projects](#related-projects)** |\n**[Authors](#authors)** 
|\n**[License](#license)**\n\n[![lint](https://github.com/cytopia/terraform-aws-iam/workflows/lint/badge.svg)](https://github.com/cytopia/terraform-aws-iam/actions?query=workflow%3Alint)\n[![test](https://github.com/cytopia/terraform-aws-iam/workflows/test/badge.svg)](https://github.com/cytopia/terraform-aws-iam/actions?query=workflow%3Atest)\n[![Tag](https://img.shields.io/github/tag/cytopia/terraform-aws-iam.svg)](https://github.com/cytopia/terraform-aws-iam/releases)\n[![Terraform](https://img.shields.io/badge/Terraform--registry-aws--iam-brightgreen.svg)](https://registry.terraform.io/modules/cytopia/iam/aws/)\n[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT)\n\n\nThis Terraform module manages AWS IAM to its full extent.\n\nA single module invocation per AWS account is sufficient: the module can create any number of resources, so that one invocation is an auditable single source of truth for the account's IAM configuration.\n\n\n## :star: Features\n\n* Completely configurable via `terraform.tfvars` only\n* Arbitrary number of IAM **policies**, **groups**, **users** and **roles**\n* Policies can be defined via **JSON** or **templatable JSON** files\n* Policies can be defined via [`aws_iam_policy_document`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) ([Example here](examples/policies-with-custom-data-sources))\n* Groups, users and roles can be attached to an arbitrary number of **custom policies**, **inline policies** and existing **policy ARNs**\n* Users can be added to an arbitrary number of **groups**\n* Users support AWS access/secret **[key rotation](examples/access-key-rotation/)**\n* Roles support **trusted entities**\n* Arbitrary number of **identity providers** (SAML and OIDC)\n* **Account settings**: account alias and password policy\n\n\n## :exclamation: Important\n\nWhen an IAM user is created with an `Inactive` access key, the key is initially created as `Active`. A second `terraform apply` is required to deactivate it, and until that second apply completes the key is live and usable.\nThis is either an issue with the Terraform resource [`aws_iam_access_key`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) or with the AWS API itself.\n\n\n## :bulb: Examples\n\nThis module is very flexible and might look a bit complicated at first glance. To show a few of the features it supports, have a look at the following examples.\n\n**:page_facing_up: Also see each example's README.md file for a more detailed explanation of each of the covered resources. They serve as documentation as well.**\n\n| Example                                                           | Description                                              |\n|-------------------------------------------------------------------|----------------------------------------------------------|\n| **POLICIES**                                                      |                                                          |\n| [JSON policies](examples/policies/)                               | Define JSON policies with variable templating            |\n| [Policies with custom data sources](examples/policies-with-custom-data-sources) | Use Terraform's [`aws_iam_policy_document`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) data source to create policies and attach them to defined roles.  
|\n| **GROUPS / USERS**                                                |                                                          |\n| [Groups](examples/groups/)                                        | Define groups                                            |\n| [Users](examples/users/)                                          | Define users                                             |\n| [Groups, users and policies](examples/groups-users-and-policies/) | Define groups, users and policies                        |\n| [Access key rotation](examples/access-key-rotation/)              | Shows how to safely rotate AWS access keys for IAM users |\n| **ROLES**                                                         |                                                          |\n| [Roles](examples/roles/)                                          | Define roles (cross-account assumable)                   |\n| **ADVANCED**                                                      |                                                          |\n| [SAML Login](examples/saml-login/)                                | Log in to AWS via a SAML identity provider and assume cross-account roles. Also read about best practices for separating login roles from permission roles. |\n\n\n## :computer: Usage\n\n1. [Use `terraform.tfvars` only](#use-terraformtfvars-only)\n2. [Use Module](#use-module)\n3. 
[Use Terragrunt](#use-terragrunt)\n\n### Use `terraform.tfvars` only\n\nClone this repository and add your `terraform.tfvars` file to the root of the cloned directory.\n\n`terraform.tfvars`\n```hcl\n# --------------------------------------------------------------------------------\n# Account Management\n# --------------------------------------------------------------------------------\n\naccount_alias = \"prod-account\"\n\naccount_pass_policy = {\n  manage                         = true\n  allow_users_to_change_password = true\n  hard_expiry                    = false\n  max_password_age               = 365\n  minimum_password_length        = 8\n  password_reuse_prevention      = 5\n  require_lowercase_characters   = true\n  require_numbers                = true\n  require_symbols                = true\n  require_uppercase_characters   = true\n}\n\n# --------------------------------------------------------------------------------\n# Account Identity provider\n# --------------------------------------------------------------------------------\n\n# Add SAML providers for login (one entry per identity provider)\nproviders_saml = [\n  {\n    name = \"AzureAD\"\n    file = \"path/to/azure/meta.xml\"\n  },\n  {\n    name = \"ADFS\"\n    file = \"path/to/adfs/meta.xml\"\n  }\n]\n\n# --------------------------------------------------------------------------------\n# Policies, Groups, Users and Roles\n# --------------------------------------------------------------------------------\n\n# List of policies to create\n# Policies defined here can be referenced by name in the groups, users and roles lists\npolicies = [\n  {\n    name = \"ro-billing\"\n    path = \"/assume/human/\"\n    desc = \"Provides read-only access to billing\"\n    file = \"policies/ro-billing.json\"\n    vars = {}\n  },\n]\n\n# List of groups to manage\n# Groups defined here can be referenced by name in the users list\ngroups = [\n  {\n    name                 = \"admin-group\"\n    path                 = null\n    policies             = []\n    
policy_arns = [\n      \"arn:aws:iam::aws:policy/AdministratorAccess\",\n    ]\n    inline_policies      = []\n  },\n]\n\n# List of users to manage\nusers = [\n  {\n    name                 = \"admin\"\n    path                 = null\n    groups               = [\"admin-group\"]\n    access_keys          = []\n    permissions_boundary = null\n    policies             = []\n    policy_arns          = []\n    inline_policies      = []\n  },\n]\n\n# List of roles to manage\nroles = [\n  {\n    name                 = \"ROLE-ADMIN\"\n    path                 = \"\"\n    desc                 = \"\"\n    trust_policy_file    = \"trust-policies/admin.json\"\n    permissions_boundary = null\n    policies             = []\n    policy_arns = [\n      \"arn:aws:iam::aws:policy/AdministratorAccess\",\n    ]\n    inline_policies      = []\n  },\n  {\n    name                 = \"ROLE-DEV\"\n    path                 = \"\"\n    desc                 = \"\"\n    trust_policy_file    = \"trust-policies/dev.json\"\n    permissions_boundary = \"arn:aws:iam::aws:policy/PowerUserAccess\"\n    policies = [\n      \"ro-billing\",\n    ]\n    policy_arns = [\n      \"arn:aws:iam::aws:policy/PowerUserAccess\",\n    ]\n    inline_policies      = []\n  },\n]\n\n# --------------------------------------------------------------------------------\n# Defaults\n# --------------------------------------------------------------------------------\n\npolicy_path = \"/\"\npolicy_desc = \"Managed by Terraform\"\ngroup_path  = \"/\"\nuser_path   = \"/\"\nrole_path   = \"/\"\nrole_desc   = \"Managed by Terraform\"\n\nrole_max_session_duration  = 3600\nrole_force_detach_policies = true\n\ntags = {\n  env   = \"prod\"\n  owner = \"terraform\"\n}\n```\n\n\n### Use Module\n\nCreate your own root module that sources this module.\n\n```hcl\nmodule \"iam_roles\" {\n  # Pin to a release tag; for a stricter supply-chain guarantee pin to a full commit SHA, since tags can be moved\n  source = \"github.com/cytopia/terraform-aws-iam?ref=v5.0.5\"\n\n  # --------------------------------------------------------------------------------\n  # 
Account Management\n  # --------------------------------------------------------------------------------\n\n  account_alias = \"prod-account\"\n\n  account_pass_policy = {\n    manage                         = true\n    allow_users_to_change_password = true\n    hard_expiry                    = false\n    max_password_age               = 365\n    minimum_password_length        = 8\n    password_reuse_prevention      = 5\n    require_lowercase_characters   = true\n    require_numbers                = true\n    require_symbols                = true\n    require_uppercase_characters   = true\n  }\n\n  # --------------------------------------------------------------------------------\n  # Account Identity provider\n  # --------------------------------------------------------------------------------\n\n  # Add SAML providers for login (one entry per identity provider)\n  providers_saml = [\n    {\n      name = \"AzureAD\"\n      file = \"path/to/azure/meta.xml\"\n    },\n    {\n      name = \"ADFS\"\n      file = \"path/to/adfs/meta.xml\"\n    }\n  ]\n\n  # --------------------------------------------------------------------------------\n  # Policies, Groups, Users and Roles\n  # --------------------------------------------------------------------------------\n\n  # List of policies to create\n  # Policies defined here can be referenced by name in the groups, users and roles lists\n  policies = [\n    {\n      name = \"ro-billing\"\n      path = \"/assume/human/\"\n      desc = \"Provides read-only access to billing\"\n      file = \"policies/ro-billing.json\"\n      vars = {}\n    },\n  ]\n\n  # List of groups to manage\n  # Groups defined here can be referenced by name in the users list\n  groups = [\n    {\n      name                 = \"admin-group\"\n      path                 = null\n      policies             = []\n      policy_arns = [\n        \"arn:aws:iam::aws:policy/AdministratorAccess\",\n      ]\n      inline_policies      = []\n    },\n  ]\n\n  # List of users to manage\n  users = [\n    {\n      name                
 = \"admin\"\n      path                 = null\n      groups               = [\"admin-group\"]\n      access_keys          = []\n      permissions_boundary = null\n      policies             = []\n      policy_arns          = []\n      inline_policies      = []\n    },\n  ]\n\n  # List of roles to manage\n  roles = [\n    {\n      name                 = \"ROLE-ADMIN\"\n      path                 = \"\"\n      desc                 = \"\"\n      trust_policy_file    = \"trust-policies/admin.json\"\n      permissions_boundary = null\n      policies             = []\n      policy_arns = [\n        \"arn:aws:iam::aws:policy/AdministratorAccess\",\n      ]\n      inline_policies      = []\n    },\n    {\n      name                 = \"ROLE-DEV\"\n      path                 = \"\"\n      desc                 = \"\"\n      trust_policy_file    = \"trust-policies/dev.json\"\n      permissions_boundary = \"arn:aws:iam::aws:policy/PowerUserAccess\"\n      policies = [\n        \"ro-billing\",\n      ]\n      policy_arns = [\n        \"arn:aws:iam::aws:policy/PowerUserAccess\",\n      ]\n      inline_policies      = []\n    },\n  ]\n\n  # --------------------------------------------------------------------------------\n  # Defaults\n  # --------------------------------------------------------------------------------\n\n  policy_path = \"/\"\n  policy_desc = \"Managed by Terraform\"\n  group_path  = \"/\"\n  user_path   = \"/\"\n  role_path   = \"/\"\n  role_desc   = \"Managed by Terraform\"\n\n  role_max_session_duration  = 3600\n  role_force_detach_policies = true\n\n  tags = {\n    env   = \"prod\"\n    owner = \"terraform\"\n  }\n}\n```\n\n### Use Terragrunt\n\nWrap this module in Terragrunt.\n\n```hcl\nterraform {\n  # Pin to a release tag; for a stricter supply-chain guarantee pin to a full commit SHA, since tags can be moved\n  source = \"github.com/cytopia/terraform-aws-iam?ref=v5.0.5\"\n}\n\ninputs = {\n  # --------------------------------------------------------------------------------\n  # Account Management\n  # 
--------------------------------------------------------------------------------\n\n  account_alias = \"prod-account\"\n\n  account_pass_policy = {\n    manage                         = true\n    allow_users_to_change_password = true\n    hard_expiry                    = false\n    max_password_age               = 365\n    minimum_password_length        = 8\n    password_reuse_prevention      = 5\n    require_lowercase_characters   = true\n    require_numbers                = true\n    require_symbols                = true\n    require_uppercase_characters   = true\n  }\n\n  # --------------------------------------------------------------------------------\n  # Account Identity provider\n  # --------------------------------------------------------------------------------\n\n  # Add SAML providers for login (one entry per identity provider)\n  providers_saml = [\n    {\n      name = \"AzureAD\"\n      file = \"path/to/azure/meta.xml\"\n    },\n    {\n      name = \"ADFS\"\n      file = \"path/to/adfs/meta.xml\"\n    }\n  ]\n\n  # --------------------------------------------------------------------------------\n  # Policies, Groups, Users and Roles\n  # --------------------------------------------------------------------------------\n\n  # List of policies to create\n  # Policies defined here can be referenced by name in the groups, users and roles lists\n  policies = [\n    {\n      name = \"ro-billing\"\n      path = \"/assume/human/\"\n      desc = \"Provides read-only access to billing\"\n      file = \"policies/ro-billing.json\"\n      vars = {}\n    },\n  ]\n\n  # List of groups to manage\n  # Groups defined here can be referenced by name in the users list\n  groups = [\n    {\n      name                 = \"admin-group\"\n      path                 = null\n      policies             = []\n      policy_arns = [\n        \"arn:aws:iam::aws:policy/AdministratorAccess\",\n      ]\n      inline_policies      = []\n    },\n  ]\n\n  # List of users to manage\n  users = [\n    {\n      name                 = \"admin\"\n      
path                 = null\n      groups               = [\"admin-group\"]\n      access_keys          = []\n      permissions_boundary = null\n      policies             = []\n      policy_arns          = []\n      inline_policies      = []\n    },\n  ]\n\n  # List of roles to manage\n  roles = [\n    {\n      name                 = \"ROLE-ADMIN\"\n      path                 = \"\"\n      desc                 = \"\"\n      trust_policy_file    = \"trust-policies/admin.json\"\n      permissions_boundary = null\n      policies             = []\n      policy_arns = [\n        \"arn:aws:iam::aws:policy/AdministratorAccess\",\n      ]\n      inline_policies      = []\n    },\n    {\n      name                 = \"ROLE-DEV\"\n      path                 = \"\"\n      desc                 = \"\"\n      trust_policy_file    = \"trust-policies/dev.json\"\n      permissions_boundary = \"arn:aws:iam::aws:policy/PowerUserAccess\"\n      policies = [\n        \"ro-billing\",\n      ]\n      policy_arns = [\n        \"arn:aws:iam::aws:policy/PowerUserAccess\",\n      ]\n      inline_policies      = []\n    },\n  ]\n\n  # --------------------------------------------------------------------------------\n  # Defaults\n  # --------------------------------------------------------------------------------\n\n  policy_path = \"/\"\n  policy_desc = \"Managed by Terraform\"\n  group_path  = \"/\"\n  user_path   = \"/\"\n  role_path   = \"/\"\n  role_desc   = \"Managed by Terraform\"\n\n  role_max_session_duration  = 3600\n  role_force_detach_policies = true\n\n  tags = {\n    env   = \"prod\"\n    owner = \"terraform\"\n  }\n}\n```\n\n\n\u003c!-- TFDOCS_INPUTS_START --\u003e\n## Required Inputs\n\nNo required input.\n\n## Optional Inputs\n\nThe following input variables are optional (have default values):\n\n### account\\_alias\n\nDescription: Assign the account alias for the AWS Account. Unmanaged by default. 
Resource will be created if the string is non-empty.\n\nType: `string`\n\nDefault: `\"\"`\n\n### account\\_pass\\_policy\n\nDescription: Manages the password policy for the AWS account. Unmanaged by default. Resource will be created if 'manage' is set to true.\n\nType:\n\n```hcl\nobject({\n    manage                         = bool   # Set to true, to manage the AWS account password policy\n    allow_users_to_change_password = bool   # Allow users to change their own password?\n    hard_expiry                    = bool   # Users are prevented from setting a new password after their password has expired?\n    max_password_age               = number # Number of days that a user password is valid\n    minimum_password_length        = number # Minimum length to require for user passwords\n    password_reuse_prevention      = number # The number of previous passwords that users are prevented from reusing\n    require_lowercase_characters   = bool   # Require lowercase characters for user passwords?\n    require_numbers                = bool   # Require numbers for user passwords?\n    require_symbols                = bool   # Require symbols for user passwords?\n    require_uppercase_characters   = bool   # Require uppercase characters for user passwords?\n  })\n```\n\nDefault:\n\n```json\n{\n  \"allow_users_to_change_password\": null,\n  \"hard_expiry\": null,\n  \"manage\": false,\n  \"max_password_age\": null,\n  \"minimum_password_length\": null,\n  \"password_reuse_prevention\": null,\n  \"require_lowercase_characters\": null,\n  \"require_numbers\": null,\n  \"require_symbols\": null,\n  \"require_uppercase_characters\": null\n}\n```\n\n### providers\\_saml\n\nDescription: A list of dictionaries defining SAML providers.\n\nType:\n\n```hcl\nlist(object({\n    name = string # The name of the provider to create\n    file = string # Path to the metadata XML generated by an identity provider that supports SAML 2.0\n  }))\n```\n\nDefault: `[]`\n\n### providers\\_oidc\n\nDescription: A list 
of dictionaries defining OpenID Connect providers.\n\nType:\n\n```hcl\nlist(object({\n    url             = string       # URL of the identity provider. Corresponds to the iss claim\n    client_id_list  = list(string) # List of client IDs (also known as audiences)\n    thumbprint_list = list(string) # List of server certificate thumbprints.\n  }))\n```\n\nDefault: `[]`\n\n### policies\n\nDescription: A list of dictionaries defining all policies.\n\nType:\n\n```hcl\nlist(object({\n    name = string      # Name of the policy\n    path = string      # Defaults to 'var.policy_path' if variable is set to null\n    desc = string      # Defaults to 'var.policy_desc' if variable is set to null\n    file = string      # Path to .json or .json.tmpl file of the policy\n    vars = map(string) # Policy template variables {key: val, ...}\n  }))\n```\n\nDefault: `[]`\n\n### groups\n\nDescription: A list of dictionaries defining all groups.\n\nType:\n\n```hcl\nlist(object({\n    name        = string       # Name of the group\n    path        = string       # Defaults to 'var.group_path' if variable is set to null\n    policies    = list(string) # List of names of policies (must be defined in var.policies)\n    policy_arns = list(string) # List of existing policy ARNs\n    inline_policies = list(object({\n      name = string      # Name of the inline policy\n      file = string      # Path to .json or .json.tmpl file of the policy\n      vars = map(string) # Policy template variables {key = val, ...}\n    }))\n  }))\n```\n\nDefault: `[]`\n\n### users\n\nDescription: A list of dictionaries defining all users.\n\nType:\n\n```hcl\nlist(object({\n    name   = string       # Name of the user\n    path   = string       # Defaults to 'var.user_path' if variable is set to null\n    groups = list(string) # List of group names to add this user to\n    access_keys = list(object({\n      name    = string # IaC identifier for first or second IAM access key (not used on AWS)\n      pgp_key = string # Leave empty for none, or provide a base64-encoded PGP public key or 'keybase:username' to encrypt the secret key\n      status  = string # 'Active' or 'Inactive'\n    }))\n    permissions_boundary = string       # ARN to a policy used as permissions boundary (or null/empty)\n    policies             = list(string) # List of names of policies (must be defined in var.policies)\n    policy_arns          = list(string) # List of existing policy ARNs\n    inline_policies = list(object({\n      name = string      # Name of the inline policy\n      file = string      # Path to .json or .json.tmpl file of the policy\n      vars = map(string) # Policy template variables {key = val, ...}\n    }))\n  }))\n```\n\nDefault: `[]`\n\n### roles\n\nDescription: A list of dictionaries defining all roles.\n\nType:\n\n```hcl\nlist(object({\n    name                 = string       # Name of the role\n    path                 = string       # Defaults to 'var.role_path' if variable is set to null\n    desc                 = string       # Defaults to 'var.role_desc' if variable is set to null\n    trust_policy_file    = string       # Path to the trust (assume-role) policy file\n    permissions_boundary = string       # ARN to a policy used as permissions boundary (or null/empty)\n    policies             = list(string) # List of names of policies (must be defined in var.policies)\n    policy_arns          = list(string) # List of existing policy ARNs\n    inline_policies = list(object({\n      name = string      # Name of the inline policy\n      file = string      # Path to .json or .json.tmpl file of the policy\n      vars = map(string) # Policy template variables {key = val, ...}\n    }))\n  }))\n```\n\nDefault: `[]`\n\n### policy\\_path\n\nDescription: The default path under which to create the policy if not specified in the policies list. You can use a single path, or nest multiple paths as if they were a folder structure. 
For example, you could use the nested path /division\\_abc/subdivision\\_xyz/product\\_1234/engineering/ to match your company's organizational structure.\n\nType: `string`\n\nDefault: `\"/\"`\n\n### policy\\_desc\n\nDescription: The default description of the policy if not specified in the policies list.\n\nType: `string`\n\nDefault: `\"Managed by Terraform\"`\n\n### group\\_path\n\nDescription: The default path under which to create the group if not specified in the groups list. You can use a single path, or nest multiple paths as if they were a folder structure. For example, you could use the nested path /division\\_abc/subdivision\\_xyz/product\\_1234/engineering/ to match your company's organizational structure.\n\nType: `string`\n\nDefault: `\"/\"`\n\n### user\\_path\n\nDescription: The default path under which to create the user if not specified in the users list. You can use a single path, or nest multiple paths as if they were a folder structure. For example, you could use the nested path /division\\_abc/subdivision\\_xyz/product\\_1234/engineering/ to match your company's organizational structure.\n\nType: `string`\n\nDefault: `\"/\"`\n\n### role\\_path\n\nDescription: The default path under which to create the role if not specified in the roles list. You can use a single path, or nest multiple paths as if they were a folder structure. For example, you could use the nested path /division\\_abc/subdivision\\_xyz/product\\_1234/engineering/ to match your company's organizational structure.\n\nType: `string`\n\nDefault: `\"/\"`\n\n### role\\_desc\n\nDescription: The default description of the role if not specified in the roles list.\n\nType: `string`\n\nDefault: `\"Managed by Terraform\"`\n\n### role\\_max\\_session\\_duration\n\nDescription: The maximum session duration (in seconds) that you want to set for the specified role. 
This setting can have a value from 1 hour to 12 hours, specified in seconds.\n\nType: `string`\n\nDefault: `\"3600\"`\n\n### role\\_force\\_detach\\_policies\n\nDescription: Force-detach any policies attached to the role before destroying it.\n\nType: `bool`\n\nDefault: `true`\n\n### tags\n\nDescription: Key-value mapping of tags for the IAM role or user.\n\nType: `map(any)`\n\nDefault: `{}`\n\n\u003c!-- TFDOCS_INPUTS_END --\u003e\n\n\n\u003c!-- TFDOCS_OUTPUTS_START --\u003e\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| account\\_alias | Created Account alias. |\n| account\\_pass\\_policy | Created Account password policy. |\n| debug\\_local\\_group\\_inline\\_policies | The transformed group inline policy map |\n| debug\\_local\\_group\\_policies | The transformed group policy map |\n| debug\\_local\\_group\\_policy\\_arns | The transformed group policy ARNs map |\n| debug\\_local\\_policies | The transformed policy map |\n| debug\\_local\\_role\\_inline\\_policies | The transformed role inline policy map |\n| debug\\_local\\_role\\_policies | The transformed role policy map |\n| debug\\_local\\_role\\_policy\\_arns | The transformed role policy ARNs map |\n| debug\\_local\\_user\\_access\\_keys | The transformed user access key map |\n| debug\\_local\\_user\\_inline\\_policies | The transformed user inline policy map |\n| debug\\_local\\_user\\_policies | The transformed user policy map |\n| debug\\_local\\_user\\_policy\\_arns | The transformed user policy ARNs map |\n| debug\\_var\\_groups | The defined groups list |\n| debug\\_var\\_policies | The transformed policy map |\n| debug\\_var\\_roles | The defined roles list |\n| debug\\_var\\_users | The defined users list |\n| group\\_inline\\_policy\\_attachments | Attached group inline IAM policies |\n| group\\_policy\\_arn\\_attachments | Attached group IAM policy ARNs |\n| group\\_policy\\_attachments | Attached group customer managed IAM policies |\n| groups | Created IAM groups |\n| 
policies | Created customer managed IAM policies |\n| providers\\_oidc | Created OpenID Connect providers. |\n| providers\\_saml | Created SAML providers. |\n| role\\_inline\\_policy\\_attachments | Attached role inline IAM policies |\n| role\\_policy\\_arn\\_attachments | Attached role IAM policy ARNs |\n| role\\_policy\\_attachments | Attached role customer managed IAM policies |\n| roles | Created IAM roles |\n| user\\_group\\_memberships | Assigned user/group memberships |\n| user\\_inline\\_policy\\_attachments | Attached user inline IAM policies |\n| user\\_policy\\_arn\\_attachments | Attached user IAM policy ARNs |\n| user\\_policy\\_attachments | Attached user customer managed IAM policies |\n| users | Created IAM users |\n\n\u003c!-- TFDOCS_OUTPUTS_END --\u003e\n\n\n## Related projects\n\n| GitHub | Module Registry | Description |\n|--------|-----------------|-------------|\n| [aws-iam][aws_iam_git_lnk]                         | [aws-iam][aws_iam_reg_lnk]                         | Manages AWS IAM to its full extent  |\n| [aws-iam-roles][aws_iam_roles_git_lnk]             | [aws-iam-roles][aws_iam_roles_reg_lnk]             | Deprecated by [aws-iam][aws_iam_git_lnk] |\n| [aws-iam-cross_account][aws_iam_cross_acc_git_lnk] | [aws-iam-cross-account][aws_iam_cross_acc_reg_lnk] | Deprecated by [aws-iam][aws_iam_git_lnk] |\n| [aws-route53][aws_route53_git_lnk]                 | [aws-route53][aws_route53_reg_lnk]                 | Manages creation of multiple Route53 zones including attachment to new or existing delegation set |\n| [aws-elb][aws_elb_git_lnk]                         | [aws-elb][aws_elb_reg_lnk]                         | Manages ELB with optionally a public and/or private Route53 DNS record attached to it |\n| [aws-rds][aws_rds_git_lnk]                         | [aws-rds][aws_rds_reg_lnk]                         | Manages RDS resources on AWS |\n\n[aws_iam_git_lnk]: https://github.com/cytopia/terraform-aws-iam\n[aws_iam_reg_lnk]: 
https://registry.terraform.io/modules/cytopia/iam/aws\n\n[aws_iam_roles_git_lnk]: https://github.com/cytopia/terraform-aws-iam-roles\n[aws_iam_roles_reg_lnk]: https://registry.terraform.io/modules/cytopia/iam-roles/aws\n\n[aws_iam_cross_acc_git_lnk]: https://github.com/cytopia/terraform-aws-iam-cross-account\n[aws_iam_cross_acc_reg_lnk]: https://registry.terraform.io/modules/cytopia/iam-cross-account/aws\n\n[aws_route53_git_lnk]: https://github.com/cytopia/terraform-aws-route53-zone\n[aws_route53_reg_lnk]: https://registry.terraform.io/modules/cytopia/route53-zone/aws\n\n[aws_elb_git_lnk]: https://github.com/cytopia/terraform-aws-elb\n[aws_elb_reg_lnk]: https://registry.terraform.io/modules/cytopia/elb/aws\n\n[aws_rds_git_lnk]: https://github.com/cytopia/terraform-aws-rds\n[aws_rds_reg_lnk]: https://registry.terraform.io/modules/cytopia/rds/aws\n\n\n## Authors\n\nModule managed by [cytopia](https://github.com/cytopia).\n\n\n## License\n\n**[MIT License](LICENSE)**\n\nCopyright (c) 2018 **[cytopia](https://github.com/cytopia)**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcytopia%2Fterraform-aws-iam","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcytopia%2Fterraform-aws-iam","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcytopia%2Fterraform-aws-iam/lists"}