https://github.com/chainguard-dev/terraform-aws-chainguard-account-association
Terraform module to connect Chainguard Enforce to your AWS Account
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/chainguard-dev/terraform-aws-chainguard-account-association
- Owner: chainguard-dev
- License: apache-2.0
- Created: 2022-07-13T18:13:50.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2024-06-09T22:46:35.000Z (12 months ago)
- Last Synced: 2025-01-13T11:23:55.384Z (4 months ago)
- Language: HCL
- Size: 58.6 KB
- Stars: 2
- Watchers: 1
- Forks: 9
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Configure Chainguard service access.
Terraform module to connect Chainguard to your AWS account.
This module is needed to leverage certain service integrations from
[Chainguard](https://www.chainguard.dev).

## Usage

This module binds a Chainguard IAM group to an AWS account.

```terraform
module "chainguard-account-association" {
  source = "chainguard-dev/chainguard-account-association/aws"

  group_ids = [var.group_id]
  account   = var.account
}

resource "chainguard_account_associations" "example" {
  name  = "example"
  group = var.group_id

  amazon {
    account = var.account
  }
}
```

## How does it work?

Chainguard has an OIDC identity provider. This module configures your AWS
account to recognize that OIDC identity provider and allows certain tokens
to bind to certain IAM roles.

## Requirements

| Name | Version |
|------|---------|
| [aws](#requirement\_aws) | >= 2.7.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 2.7.0 |

## Modules

No modules.
## Resources
| Name | Type |
|------|------|
| [aws_iam_openid_connect_provider.chainguard_idp](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource |
| [aws_iam_role.canary_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.catalog-syncer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.catalog-syncer-ecr-push](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [account](#input\_account) | The AWS account ID to which we are binding the Chainguard groups. | `string` | n/a | yes |
| [environment](#input\_environment) | Domain of the Chainguard environment | `string` | `"enforce.dev"` | no |
| [group\_ids](#input\_group\_ids) | Chainguard IAM group IDs to bind your AWS account to. | `list(string)` | n/a | yes |

## Outputs

No outputs.
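
Relating to "How does it work?" above: when an account trusts an external OIDC provider, the role trust policy is what limits which tokens can assume which role. The following is an added example, not code from this module or from Chainguard, that audits a trust policy document for web-identity statements that do not pin the `sub` and `aud` claims. The issuer host, account ID, claim values and function names are constructed placeholders, and only the `StringEquals` and `StringLike` operators are inspected.

```python
ISSUER = "issuer.example.test"  # placeholder host (assumption), not Chainguard's real issuer

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, issuer=ISSUER):
    """Flag web-identity statements for this issuer that do not pin sub and aud."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if not any(arn.endswith("oidc-provider/" + issuer) for arn in federated):
            continue
        cond = stmt.get("Condition", {})
        for claim in ("sub", "aud"):
            key = f"{issuer}:{claim}"  # AWS names OIDC condition keys <issuer host>:<claim>
            exact = _as_list(cond.get("StringEquals", {}).get(key, []))
            loose = _as_list(cond.get("StringLike", {}).get(key, []))
            if not exact and not loose:
                findings.append(f"statement {i}: no condition on {key}")
            elif not exact and any("*" in v or "?" in v for v in loose):
                findings.append(f"statement {i}: wildcard match on {key}")
    return findings

def _policy(condition):
    """Build a constructed trust policy; account ID and claim values are sample data."""
    stmt = {
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

PINNED = _policy({"StringEquals": {f"{ISSUER}:sub": "example-subject",
                                   f"{ISSUER}:aud": "example-audience"}})
OPEN = _policy(None)
WILD = _policy({"StringLike": {f"{ISSUER}:sub": "*"},
                "StringEquals": {f"{ISSUER}:aud": "example-audience"}})

if __name__ == "__main__":
    for name, pol in (("PINNED", PINNED), ("OPEN", OPEN), ("WILD", WILD)):
        print(name, audit_trust_policy(pol) or "ok")
```

To check a deployed role, pass in the JSON from its `AssumeRolePolicyDocument` together with the issuer host of the OIDC provider registered in the account.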