Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/benniemosher-dev/terraform-aws-oidc

🪪 A TF module for AWS IAM OIDC identity providers. 🪪

aws infrastructure-as-code terraform

Last synced: 3 months ago

# terraform-aws-oidc

![CI Terraform](https://github.com/benniemosher-dev/terraform-aws-oidc/actions/workflows/ci-terraform.yml/badge.svg)

🪪 A TF module for AWS IAM OIDC identity providers. 🪪

## 📜 Usage:

- To install the dependencies needed, run:
```bash
brew bundle install
```
- To initialize Terraform in this folder:
```bash
task infra:init
```
- To update modules and providers in this folder:
```bash
task init -- -upgrade
```
- To validate the module in this folder:
```bash
task infra:validate
```
- To plan the infrastructure in this folder:
```bash
task infra:plan
```
- To plan specific resources of infrastructure in this folder:
```bash
task infra:plan -- -target='aws_iam_role.this'
```

### 🆒 Extras:

- To find all the automation available in this folder:
```bash
task --list-all
```
- To estimate the cost of the infrastructure in this folder:
```bash
task infra:cost
```
- To update the documentation in this folder:
```bash
task infra:docs
```
- To lint the Terraform in this folder:
```bash
task infra:lint
```
- To validate security in this folder:
```bash
task infra:sec
```

## 📋 Documentation

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.3 |
| [aws](#requirement\_aws) | ~> 4.40 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 4.46.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_iam_openid_connect_provider.oidc-provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource |
| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.administrator-access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.read-only](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_openid_connect_provider.oidc-provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source |
| [aws_iam_policy_document.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [config](#input\_config) | The config for creating this module. | <pre>object({<br>  attach-admin-policy = optional(bool, false)<br>  attach-read-only-policy = optional(bool, true)<br>  create-oidc-provider = optional(bool, true)<br>  force-detach-policies = optional(bool, false)<br>  github-repositories = optional(list(string), [])<br>  github-organisation = string<br>  oidc-provider-thumbprint-list = optional(list(string), [])<br>  oidc-provider-url = optional(string, null)<br>  iam-role-name = optional(string, null)<br>  iam-role-path = optional(string, "/")<br>  iam-role-policy-arns = optional(list(string), [])<br>  max-session-duration = optional(number, 3600)<br>  oidc-provider-client-list = optional(list(string), [])<br>  name = string<br>})</pre> | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| [iam-role-name](#output\_iam-role-name) | Name of the IAM role. |