# terraform-aws-mcaf-gitlab-oidc

Terraform module to configure GitLab as an IAM OIDC identity provider in AWS.

IMPORTANT: We do not pin modules to versions in our examples. We highly recommend that in your code you pin the version to the exact version you are using so that your infrastructure remains stable.

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
| [aws](#requirement\_aws) | >= 4.0.0 |
| [tls](#requirement\_tls) | >= 4.0.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 4.0.0 |
| [tls](#provider\_tls) | >= 4.0.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [oidc\_role](#module\_oidc\_role) | schubergphilis/mcaf-role/aws | ~> 0.4.0 |

## Resources

| Name | Type |
|------|------|
| [aws_iam_openid_connect_provider.gitlab](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource |
| [aws_iam_openid_connect_provider.gitlab](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source |
| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [tls_certificate.gitlab](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/data-sources/certificate) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [create\_provider](#input\_create\_provider) | Toggle whether or not to create the provider. Set to false to skip creating the provider, look it up as a data source instead, and create roles only. | `bool` | `true` | no |
| [gitlab\_url](#input\_gitlab\_url) | GitLab URL. The address of your GitLab instance, such as https://gitlab.com or https://gitlab.example.com. | `string` | `"https://gitlab.com"` | no |
| [iam\_roles](#input\_iam\_roles) | Configuration for IAM roles. The key of the map is used as the IAM role name, unless overwritten by setting the name field. | <pre>map(object({<br>    description              = optional(string, "Role assumed by the Gitlab IAM OIDC provider")<br>    name                     = optional(string, null)<br>    path                     = optional(string, "/")<br>    permissions_boundary_arn = optional(string, "")<br>    policy                   = optional(string, null)<br>    policy_arns              = optional(set(string), [])<br><br>    subject_filter_allowed = object({<br>      path     = string<br>      ref_type = string<br>      ref      = string<br>    })<br>  }))</pre> | `{}` | no |
| [tags](#input\_tags) | A mapping of tags to assign to all resources. | `map(string)` | `null` | no |

## Outputs

| Name | Description |
|------|-------------|
| [iam\_roles](#output\_iam\_roles) | Map of GitLab OIDC IAM role names and ARNs |

## Licensing

100% Open Source and licensed under the Apache License Version 2.0. See [LICENSE](https://github.com/schubergphilis/terraform-aws-mcaf-gitlab-oidc/blob/main/LICENSE) for full details.