https://github.com/dfds/aws-modules-iam-roles-anywhere
IAM Roles Anywhere allows your workloads, such as servers, containers, and applications, to use X.509 digital certificates to obtain temporary AWS credentials.
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/dfds/aws-modules-iam-roles-anywhere
- Owner: dfds
- Created: 2023-01-17T08:38:04.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-08-06T11:39:50.000Z (almost 2 years ago)
- Last Synced: 2024-08-07T11:06:54.050Z (almost 2 years ago)
- Language: HCL
- Size: 48.8 KB
- Stars: 0
- Watchers: 4
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# aws-modules-iam-roles-anywhere
IAM Roles Anywhere allows your workloads, such as servers, containers, and applications, to use X.509 digital certificates to obtain temporary AWS credentials.
# Documentation
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
| [aws](#requirement\_aws) | >= 5.31.0 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 4.54.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [cloudtrail\_processor](#module\_cloudtrail\_processor) | s3::https://dfds-ce-shared-artifacts.s3.eu-central-1.amazonaws.com/IAM-Roles-Anywhere-PCA-Observability/observability-cloudtrail-processor-lambda-1.4.1.zip | n/a |
## Resources
| Name | Type |
|------|------|
| [aws_cloudwatch_event_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
| [aws_cloudwatch_event_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
| [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_iam_policy.lambda_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
| [aws_lambda_permission.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_rolesanywhere_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rolesanywhere_profile) | resource |
| [aws_rolesanywhere_trust_anchor.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rolesanywhere_trust_anchor) | resource |
| [aws_iam_policy_document.lambda_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.lambda_trust](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.role_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
| [aws_s3_object.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_object) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [crl\_lambda\_name](#input\_crl\_lambda\_name) | Name of the shared lambda function that will be used to check the CRL | `string` | `"crl-importer"` | no |
| [crl\_lambda\_path](#input\_crl\_lambda\_path) | Path, inside the shared lambda bucket, to the shared lambda function that will be used to check the CRL. Make sure to include the trailing slash | `string` | `"iam-rolesanywhere-lambdas/"` | no |
| [crl\_name](#input\_crl\_name) | Name of the certificate revocation list (CRL) | `string` | n/a | yes |
| [crl\_shared\_lambda\_name](#input\_crl\_shared\_lambda\_name) | Name of the shared lambda function zip file in the shared bucket that will be used to check the CRL | `string` | `"crl-importer"` | no |
| [crl\_url](#input\_crl\_url) | URL of the certificate revocation list (CRL) | `string` | n/a | yes |
| [deploy\_cloudtrail\_processor](#input\_deploy\_cloudtrail\_processor) | Whether to deploy the cloudtrail-processor lambda | `bool` | `true` | no |
| [iam\_role\_actions](#input\_iam\_role\_actions) | Actions, and the corresponding resources, that the assumed role is allowed to perform | <pre>list(object({<br>  actions   = list(string)<br>  resources = list(string)<br>}))</pre> | `[]` | no |
| [observability\_role\_arn](#input\_observability\_role\_arn) | AWS ARN of the role that the lambda will assume in the account to place the logs in the bucket | `string` | `""` | no |
| [shared\_lambda\_bucket\_name](#input\_shared\_lambda\_bucket\_name) | Name of the S3 bucket where the shared lambda functions are stored | `string` | `"dfds-ce-shared-artifacts"` | no |
| [system\_environment](#input\_system\_environment) | System Environment | `string` | `""` | no |
| [system\_name](#input\_system\_name) | Name of the application or service to be used with IAM Roles Anywhere | `string` | n/a | yes |
| [x509\_certificate\_data](#input\_x509\_certificate\_data) | Bundled X.509 certificate data | `string` | n/a | yes |
| [x509\_subject\_cn\_values](#input\_x509\_subject\_cn\_values) | List of approved certificate subject CN values | `list(string)` | n/a | yes |
| [x509\_subject\_ou\_values](#input\_x509\_subject\_ou\_values) | List of approved certificate subject OU values | `list(string)` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| [iam\_profile\_arn](#output\_iam\_profile\_arn) | The ARN of the IAM Roles Anywhere profile |
| [iam\_role\_arn](#output\_iam\_role\_arn) | The ARN of the IAM role |
| [trust\_anchor\_arn](#output\_trust\_anchor\_arn) | The ARN of the IAM Roles Anywhere trust anchor |