{"id":37564034,"url":"https://github.com/dfds/aws-modules-iam-roles-anywhere","last_synced_at":"2026-01-16T09:12:03.917Z","repository":{"id":97566930,"uuid":"589914745","full_name":"dfds/aws-modules-iam-roles-anywhere","owner":"dfds","description":"IAM Roles Anywhere allows your workloads such as servers, containers, and applications to use X.509 digital certificates to obtain temporary AWS credentials","archived":false,"fork":false,"pushed_at":"2024-08-06T11:39:50.000Z","size":50,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-08-07T11:06:54.050Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dfds.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-17T08:38:04.000Z","updated_at":"2024-08-06T11:11:37.000Z","dependencies_parsed_at":"2024-01-11T16:07:59.053Z","dependency_job_id":"f4e59461-1a72-4d94-8d6f-4076eec75ddc","html_url":"https://github.com/dfds/aws-modules-iam-roles-anywhere","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/dfds/aws-modules-iam-roles-anywhere","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfds%2Faws-modules-iam-roles-anywhere","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfds%2Faws-modules-iam-roles-anywhere/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfds%2Faws-modules-iam-roles-anywhere/re
leases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfds%2Faws-modules-iam-roles-anywhere/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dfds","download_url":"https://codeload.github.com/dfds/aws-modules-iam-roles-anywhere/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfds%2Faws-modules-iam-roles-anywhere/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28478049,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T06:30:42.265Z","status":"ssl_error","status_checked_at":"2026-01-16T06:30:16.248Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-16T09:12:03.260Z","updated_at":"2026-01-16T09:12:03.908Z","avatar_url":"https://github.com/dfds.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aws-modules-iam-roles-anywhere\nIAM Roles Anywhere allows your workloads such as servers, containers, and applications to use X.509 digital certificates to obtain temporary AWS credentials\n\n# Documentation\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.0.0 |\n| \u003ca 
name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 5.31.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 4.54.0 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_cloudtrail_processor\"\u003e\u003c/a\u003e [cloudtrail\\_processor](#module\\_cloudtrail\\_processor) | s3::https://dfds-ce-shared-artifacts.s3.eu-central-1.amazonaws.com/IAM-Roles-Anywhere-PCA-Observability/observability-cloudtrail-processor-lambda-1.4.1.zip | n/a |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudwatch_event_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |\n| [aws_cloudwatch_event_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |\n| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |\n| [aws_iam_policy.lambda_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy_attachment.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |\n| [aws_lambda_permission.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |\n| 
[aws_rolesanywhere_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rolesanywhere_profile) | resource |\n| [aws_rolesanywhere_trust_anchor.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rolesanywhere_trust_anchor) | resource |\n| [aws_iam_policy_document.lambda_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.lambda_trust](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.role_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n| [aws_s3_object.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_object) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_crl_lambda_name\"\u003e\u003c/a\u003e [crl\\_lambda\\_name](#input\\_crl\\_lambda\\_name) | Name of the shared lambda function that will be used to check the CRL | `string` | `\"crl-importer\"` | no |\n| \u003ca name=\"input_crl_lambda_path\"\u003e\u003c/a\u003e [crl\\_lambda\\_path](#input\\_crl\\_lambda\\_path) | Path to the shared lambda function inside the shared lambda bucket that will be used to check the CRL, make sure to include the trailing slash | `string` | `\"iam-rolesanywhere-lambdas/\"` | no |\n| \u003ca name=\"input_crl_name\"\u003e\u003c/a\u003e [crl\\_name](#input\\_crl\\_name) | Name of the certificate revocation list (CRL) | 
`string` | n/a | yes |\n| \u003ca name=\"input_crl_shared_lambda_name\"\u003e\u003c/a\u003e [crl\\_shared\\_lambda\\_name](#input\\_crl\\_shared\\_lambda\\_name) | Name of the shared lambda function zip file in the shared bucket that will be used to check the CRL | `string` | `\"crl-importer\"` | no |\n| \u003ca name=\"input_crl_url\"\u003e\u003c/a\u003e [crl\\_url](#input\\_crl\\_url) | URL of the certificate revocation list (CRL) | `string` | n/a | yes |\n| \u003ca name=\"input_deploy_cloudtrail_processor\"\u003e\u003c/a\u003e [deploy\\_cloudtrail\\_processor](#input\\_deploy\\_cloudtrail\\_processor) | Whether to deploy the cloudtrail-processor lambda | `bool` | `true` | no |\n| \u003ca name=\"input_iam_role_actions\"\u003e\u003c/a\u003e [iam\\_role\\_actions](#input\\_iam\\_role\\_actions) | Actions and the corresponding resource that are allowed to be actioned on by the assumed role | \u003cpre\u003elist(object({\u003cbr\u003e    actions   = list(string)\u003cbr\u003e    resources = list(string)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_observability_role_arn\"\u003e\u003c/a\u003e [observability\\_role\\_arn](#input\\_observability\\_role\\_arn) | AWS arn of the role that the lambda will assume in the account to place the logs in the bucket. 
| `string` | `\"\"` | no |\n| \u003ca name=\"input_shared_lambda_bucket_name\"\u003e\u003c/a\u003e [shared\\_lambda\\_bucket\\_name](#input\\_shared\\_lambda\\_bucket\\_name) | Name of the S3 bucket where the shared lambda functions are stored | `string` | `\"dfds-ce-shared-artifacts\"` | no |\n| \u003ca name=\"input_system_environment\"\u003e\u003c/a\u003e [system\\_environment](#input\\_system\\_environment) | System Environment | `string` | `\"\"` | no |\n| \u003ca name=\"input_system_name\"\u003e\u003c/a\u003e [system\\_name](#input\\_system\\_name) | Name of the application or service to be used with IAM Roles Anywhere | `string` | n/a | yes |\n| \u003ca name=\"input_x509_certificate_data\"\u003e\u003c/a\u003e [x509\\_certificate\\_data](#input\\_x509\\_certificate\\_data) | Bundled Certificate x509 Certificate Data | `string` | n/a | yes |\n| \u003ca name=\"input_x509_subject_cn_values\"\u003e\u003c/a\u003e [x509\\_subject\\_cn\\_values](#input\\_x509\\_subject\\_cn\\_values) | List of the values of approved certificate CNs | `list(string)` | n/a | yes |\n| \u003ca name=\"input_x509_subject_ou_values\"\u003e\u003c/a\u003e [x509\\_subject\\_ou\\_values](#input\\_x509\\_subject\\_ou\\_values) | List of the values of certificate OUs | `list(string)` | n/a | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_iam_profile_arn\"\u003e\u003c/a\u003e [iam\\_profile\\_arn](#output\\_iam\\_profile\\_arn) | The Arn of the aws iam role anywhere profile |\n| \u003ca name=\"output_iam_role_arn\"\u003e\u003c/a\u003e [iam\\_role\\_arn](#output\\_iam\\_role\\_arn) | The Arn of the aws iam role |\n| \u003ca name=\"output_trust_anchor_arn\"\u003e\u003c/a\u003e [trust\\_anchor\\_arn](#output\\_trust\\_anchor\\_arn) | The Arn of the aws iam role anywhere trust anchor |\n\u003c!-- END_TF_DOCS 
--\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdfds%2Faws-modules-iam-roles-anywhere","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdfds%2Faws-modules-iam-roles-anywhere","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdfds%2Faws-modules-iam-roles-anywhere/lists"}