https://github.com/hadenlabs/terraform-aws-iam-role
A Terraform module to create an Identity and Access Management (IAM) Role on Amazon Web Services (AWS).
amazon-web-services aws hadenlabs iac iam peru role terraform terraform-modules
- Host: GitHub
- URL: https://github.com/hadenlabs/terraform-aws-iam-role
- Owner: hadenlabs
- License: lgpl-3.0
- Created: 2021-04-11T19:46:17.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2022-10-11T01:39:26.000Z (over 2 years ago)
- Last Synced: 2025-02-13T16:51:23.753Z (5 months ago)
- Topics: amazon-web-services, aws, hadenlabs, iac, iam, peru, role, terraform, terraform-modules
- Language: Go
- Homepage:
- Size: 210 KB
- Stars: 0
- Watchers: 3
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: docs/contributing.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: docs/code_of_conduct.md
- Security: SECURITY.md
- Support: docs/support.md
- Roadmap: docs/roadmap.md
README
# terraform-aws-iam-role
terraform-aws-iam-role for project
## Requirements
The following tools must be installed before using this configuration:
- [gomplate](https://github.com/hairyhenderson/gomplate)
- [terraform](https://github.com/hashicorp/terraform)
- [python](https://www.python.org)
- [taskfile](https://github.com/go-task/task)

## Usage
# How to use this project
```hcl
module "main" {
source = "hadenlabs/terraform-aws-iam-role/aws"
version = "0.1.0"
}
```

Full working examples can be found in the [examples](./examples) folder.
## Examples
### common
```hcl
module "main" {
source = "hadenlabs/terraform-aws-iam-role/aws"
version = "0.1.0"
}
```
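A fuller call that sets the three required inputs from the Inputs table (`name`, `role_description`, `principals`) and scopes both the trust policy and the permissions policy. This is an added example, not taken from the module's repository; the account ID, ARNs, bucket and role names are constructed placeholders, and it assumes `policy_documents` accepts the JSON rendered by an `aws_iam_policy_document` data source.

```hcl
# Added example (not the module's own code). All ARNs, the account ID
# 123456789012 and the bucket name are constructed placeholders.

# Permissions policy: read-only access to one prefix of one bucket.
data "aws_iam_policy_document" "read_artifacts" {
  statement {
    sid       = "ReadArtifacts"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-artifacts/releases/*"]
  }

  statement {
    sid       = "ListArtifacts"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-artifacts"]

    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["releases/*"]
    }
  }
}

module "artifact_reader" {
  source  = "hadenlabs/terraform-aws-iam-role/aws"
  version = "0.1.0"

  # Required inputs.
  name             = "artifact-reader"
  role_description = "Read-only access to release artifacts"

  # Trust policy: name one specific role rather than an account root or "*".
  principals = {
    AWS = ["arn:aws:iam::123456789012:role/ci-deploy"]
  }

  # Narrow the default ["sts:AssumeRole", "sts:TagSession"] when the
  # callers do not pass session tags (assumption about this deployment).
  assume_role_actions = ["sts:AssumeRole"]

  policy_documents     = [data.aws_iam_policy_document.read_artifacts.json]
  policy_description   = "Read release artifacts from example-artifacts"
  permissions_boundary = "arn:aws:iam::123456789012:policy/workload-boundary"
  max_session_duration = 3600 # keep sessions at the 1 hour minimum
}
```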
## Requirements
| Name | Version |
| --------- | ----------------- |
| terraform | >= 0.12.20, < 2.0 |
| aws | >= 2.51, < 4.0 |
| null | >=0.1.0 |

## Providers
| Name | Version |
| ---- | -------------- |
| aws | >= 2.51, < 4.0 |

## Modules
| Name | Source | Version |
| ---- | ------------------- | ------- |
| tags | hadenlabs/tags/null | >=0.2 |

## Resources
| Name | Type |
| --- | --- |
| [aws_iam_instance_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
| [aws_iam_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.assume_role_aggregated](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

## Inputs
| Name | Description | Type | Default | Required |
| --- | --- | --- | --- | :-: |
| assume_role_actions | The IAM action to be granted by the AssumeRole policy | `list(string)` | `["sts:AssumeRole", "sts:TagSession"]` | no |
| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no |
| instance_profile_enabled | Create EC2 Instance Profile for the role | `bool` | `false` | no |
| max_session_duration | The maximum session duration (in seconds) for the role. Can have a value from 1 hour to 12 hours | `number` | `3600` | no |
| name | Bucket name. If provided, the bucket will be created with this name instead of generating the name from the context | `string` | n/a | yes |
| namespace | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| permissions_boundary | ARN of the policy that is used to set the permissions boundary for the role | `string` | `""` | no |
| policy_description | The description of the IAM policy that is visible in the IAM policy manager | `string` | `""` | no |
| policy_documents | List of JSON IAM policy documents | `list(string)` | `[]` | no |
| principals | Map of service name as key and a list of ARNs to allow assuming the role as value (e.g. map(`AWS`, list(`arn:aws:iam:::role/admin`))) | `map(list(string))` | n/a | yes |
| role_description | The description of the IAM role that is visible in the IAM role manager | `string` | n/a | yes |
| stage | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')`) | `map(string)` | `{}` | no |
| use_fullname | If set to 'true' then the full ID for the IAM role name (e.g. `[var.namespace]-[var.stage]-[var.name]`) will be used. | `bool` | `false` | no |

## Outputs
| Name | Description |
| ---------------- | -------------------------------------------------------------------------------------- |
| arn | The Amazon Resource Name (ARN) specifying the role |
| enabled | Enabled property of module |
| id | The stable and unique string identifying the role |
| instance_profile | Name of the ec2 profile (if enabled) |
| name | The name of the IAM role created |
| policy | Role policy document in json format. Outputs always, independent of `enabled` variable |
| use_fullname | return if enabled use fullname |

## Help
**Got a question?**
File a GitHub [issue](https://github.com/hadenlabs/terraform-aws-iam-role/issues).
## Contributing
See [Contributing](./docs/contributing.md).
## Module Versioning
This Module follows the principles of [Semantic Versioning (SemVer)](https://semver.org/).
Using the given version number of `MAJOR.MINOR.PATCH`, we apply the following constructs:
1. Use the `MAJOR` version for incompatible changes.
1. Use the `MINOR` version when adding functionality in a backwards compatible manner.
1. Use the `PATCH` version when introducing backwards compatible bug fixes.

### Backwards compatibility in `0.0.z` and `0.y.z` version
- In the context of initial development, backwards compatibility in versions `0.0.z` is **not guaranteed** when `z` is increased. (Initial development)
- In the context of pre-release, backwards compatibility in versions `0.y.z` is **not guaranteed** when `y` is increased. (Pre-release)

## Copyright
Copyright © 2018-2022 [Hadenlabs](https://hadenlabs.com)
## Trademarks
All other trademarks referenced herein are the property of their respective owners.
## License
The code and styles are licensed under the LGPL-3.0 license [See project license.](LICENSE).
## Don't forget to 🌟 Star 🌟 the repo if you like terraform-aws-iam-role
[Your feedback is appreciated](https://github.com/hadenlabs/terraform-aws-iam-role/issues)