dod-iac/terraform-aws-sagemaker-iam-role

Usage

Creates an IAM Role for use as a SageMaker service role that can use any KMS key.

```hcl
module "sagemaker_iam_role" {
  source = "dod-iac/sagemaker-iam-role/aws"

  name = "sagemaker-iam-role"
  keys = ["*"]
  tags = {
    Automation = "Terraform"
  }
}
```
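
A narrower variant of the usage above, added here as an example and not taken from the module's repository: it limits `keys` to a single KMS key ARN instead of `["*"]` and passes an explicit trust policy through `assume_role_policy`. The resource names, the key description and the `aws:SourceAccount` condition are assumptions for illustration.

```hcl
# Added example, not from the module's repository. Resource names, the key
# description and the trust-policy condition are assumptions for illustration.

data "aws_caller_identity" "current" {}

# Customer-managed key for the data SageMaker jobs need to read.
resource "aws_kms_key" "training_data" {
  description         = "Example key for SageMaker training data"
  enable_key_rotation = true
}

# Explicit trust policy: only the SageMaker service may assume the role,
# and only on behalf of resources in this account.
data "aws_iam_policy_document" "sagemaker_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["sagemaker.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

module "sagemaker_iam_role" {
  source  = "dod-iac/sagemaker-iam-role/aws"
  version = "~> 1.0.0"

  name               = "sagemaker-iam-role"
  assume_role_policy = data.aws_iam_policy_document.sagemaker_trust.json

  # One key ARN instead of ["*"]: the role can use this key only.
  keys = [aws_kms_key.training_data.arn]

  tags = {
    Automation = "Terraform"
  }
}
```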

Terraform Version

Terraform 0.13. Pin module version to ~> 1.0.0. Submit pull requests to the main branch.

Terraform 0.11 and 0.12 are not supported.

License

This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| aws | >= 3.0, < 5.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.0, < 5.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_policy.main | resource |
| aws_iam_role.main | resource |
| aws_iam_role_policy_attachment.aws_sagemaker_service_role | resource |
| aws_iam_role_policy_attachment.main | resource |
| aws_iam_policy_document.assume_role_policy | data source |
| aws_iam_policy_document.main | data source |
| aws_partition.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| assume_role_policy | The assume role policy for the AWS IAM role. If blank, allows SageMaker resources in the account to assume the role. | string | "" | no |
| description | The description of the AWS IAM role. | string | "" | no |
| keys | The ARNs of the AWS KMS keys the role is allowed to use to decrypt files. Use ["*"] to allow all keys. | list(string) | [] | no |
| name | The name of the AWS IAM role. | string | n/a | yes |
| policy_description | The description of the AWS IAM policy. Defaults to "The policy for [NAME]". | string | "" | no |
| policy_name | The name of the AWS IAM policy. Defaults to "[NAME]-policy". | string | "" | no |
| tags | Tags applied to the AWS IAM role. | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| arn | The Amazon Resource Name (ARN) of the AWS IAM Role. |
| name | The name of the AWS IAM Role. |