Skip to content

Terraform module Terraform module for creating AWS IAM Roles with heredocs

License

Notifications You must be signed in to change notification settings

baikonur-oss/terraform-aws-iam-nofile

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

AWS IAM Role inline Terraform module

Terraform module for creating AWS IAM Roles with inline (heredoc) syntax

terraform v0.12.x

Usage

EC2

module "iam" {
  source = "baikonur-oss/iam-nofile/aws"
  
  type = "lambda"
  name = "lambda-function"

  policy_json = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecs:CreateCluster",
        "ecs:DeregisterContainerInstance",
        "ecs:DiscoverPollEndpoint",
        "ecs:Poll",
        "ecs:RegisterContainerInstance",
        "ecs:StartTelemetrySession",
        "ecs:Submit*",
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

Lambda

module "iam" {
  source = "baikonur-oss/iam-nofile/aws"
  
  type = "lambda"
  name = "lambda-function"

  policy_json = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:*:*:*"
            ]
        }
    ]
}
EOF
}

Version pinning

Terraform Module Registry

Use version parameter to pin to a specific version, or to specify a version constraint when pulling from Terraform Module Registry (source = baikonur-oss/iam-nofile/aws). For more information, refer to Module Versions section of Terraform Modules documentation.

GitHub URI

Make sure to use ?ref= version pinning in module source URI when pulling from GitHub. Pulling from GitHub is especially useful for development, as you can pin to a specific branch, tag or commit hash. Example: source = github.com/baikonur-oss/terraform-aws-iam-nofile?ref=v1.0.0

For more information on module version pinning, see Selecting a Revision section of Terraform Modules documentation.

Inputs

Name Description Type Default Required
name Resource name string n/a yes
policy_json IAM Role Policy Document (JSON) string n/a yes
type IAM Role type: ec2/lambda/etc. Used for assume_role_policy principal; service names that have *.amazonaws.com identifiers should work. string n/a yes

Outputs

Name Description
arn IAM Role ARN
name IAM Role name

Contributing

Make sure to have following tools installed:

macOS

brew install pre-commit terraform terraform-docs

# set up pre-commit hooks by running below command in repository root
pre-commit install