Analytical Platform Terraform Control Panel IAM • This repository is defined and managed in Terraform

ministryofjustice/ap-terraform-control-panel-iam

# ap-terraform-control-panel-iam

Creates the IAM roles and policies that allow the control panel to manage AWS resources across multiple accounts.

The module requires three AWS providers, one for each account it touches:

- the account that hosts the cluster the control panel is installed on (`aws.control_panel_account`)
- the data account (`aws.data_account`)
- the account that hosts the cluster the applications run on (`aws.apps_account`)

These may all be the same account, all different, or any combination in between.

It assumes that a trust relationship between the cluster OIDC provider and other accounts already exists.

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.2.2 |
| aws | >= 3.71.0 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 3.71.0 |
| aws.apps_account | >= 3.71.0 |
| aws.control_panel_account | >= 3.71.0 |
| aws.data_account | >= 3.71.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| app_account_role | github.com/ministryofjustice/ap-terraform-iam-roles.git//assumable-role-federated-user | v1.4.1 |
| control_panel_role | github.com/ministryofjustice/ap-terraform-iam-roles.git//eks-role | v1.4.1 |
| data_account_role | github.com/ministryofjustice/ap-terraform-iam-roles.git//assumable-role-federated-user | v1.4.1 |

## Resources

| Name | Type |
|------|------|
| aws_iam_policy.allow_sts_policy | resource |
| aws_iam_policy.manage_apps | resource |
| aws_iam_policy.manage_data_account | resource |
| aws_caller_identity.apps_account | data source |
| aws_caller_identity.data_account | data source |
| aws_iam_policy_document.allow_sts_policy | data source |
| aws_iam_policy_document.manage_apps | data source |
| aws_iam_policy_document.manage_data_account | data source |
| aws_region.apps_account | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| control_panel_service_account | The service account for the control panel | string | n/a | yes |
| provider_url | URL of the cluster OIDC provider | string | n/a | yes |
| resource_prefix | The prefix for the resources this control panel IAM can manage | string | n/a | yes |
| tags | A map of tags to add to IAM role resources | map(string) | {} | no |

## Outputs

| Name | Description |
|------|-------------|
| app_account_role_arn | The ARN of the role for managing application account resources |
| control_panel_role_arn | The ARN of the role that identifies the control panel |
| data_account_role_arn | The ARN of the role for managing data account resources |
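The following root-module configuration is an added example of calling this module from a consumer repository; it is not code from this repository. It wires the three aliased providers named in the Providers table to the module and supplies every required input. Everything account-specific is a placeholder: the deployment role ARNs and account IDs in the `assume_role` blocks, the `?ref=` tag, the OIDC issuer hostname, and the exact format of `control_panel_service_account` (shown here as `namespace:name`, which this README does not specify). The Resources table lists an `allow_sts_policy` beside roles in the data and apps accounts, which suggests the usual cross-account shape: the control-panel cluster role is trusted via the cluster OIDC provider, and it assumes the data- and apps-account roles, whose permissions are bounded by `resource_prefix`.

```hcl
terraform {
  required_version = ">= 1.2.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.71.0"
    }
  }
}

# Account that hosts the EKS cluster the control panel is installed on.
provider "aws" {
  alias  = "control_panel_account"
  region = "eu-west-1"
  assume_role {
    # Placeholder: a Terraform deployment role in the control panel account.
    role_arn = "arn:aws:iam::111111111111:role/terraform-deploy"
  }
}

# Data account whose resources the control panel manages.
provider "aws" {
  alias  = "data_account"
  region = "eu-west-1"
  assume_role {
    role_arn = "arn:aws:iam::222222222222:role/terraform-deploy" # placeholder
  }
}

# Account that hosts the cluster the user applications run on.
provider "aws" {
  alias  = "apps_account"
  region = "eu-west-1"
  assume_role {
    role_arn = "arn:aws:iam::333333333333:role/terraform-deploy" # placeholder
  }
}

module "control_panel_iam" {
  # Repository from this page; the ref tag is a placeholder for the release you pin.
  source = "github.com/ministryofjustice/ap-terraform-control-panel-iam?ref=vX.Y.Z"

  # Map each provider the module declares to a configuration in this root module.
  # The unaliased "aws" provider is passed explicitly rather than inherited, so
  # the account it resolves to is visible in the call.
  providers = {
    aws                       = aws.control_panel_account
    aws.control_panel_account = aws.control_panel_account
    aws.data_account          = aws.data_account
    aws.apps_account          = aws.apps_account
  }

  # Kubernetes service account the control panel pods run as
  # (namespace:name form is an assumption; check the eks-role submodule).
  control_panel_service_account = "control-panel:control-panel-api"

  # OIDC issuer of the cluster named above; placeholder hostname and ID.
  # The trust relationship between this provider and the other accounts
  # must already exist, as the README states.
  provider_url = "https://oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLEOIDCID"

  # Only resources carrying this prefix fall within the control panel's reach.
  resource_prefix = "dev"

  tags = {
    business-unit = "Platforms"
    is-production = "false"
  }
}

# Surface the role ARNs so they can be annotated onto the service account
# and used in cross-account trust policies.
output "control_panel_role_arn" {
  value = module.control_panel_iam.control_panel_role_arn
}

output "data_account_role_arn" {
  value = module.control_panel_iam.data_account_role_arn
}

output "app_account_role_arn" {
  value = module.control_panel_iam.app_account_role_arn
}
```

A useful check after `terraform plan`: confirm that each of the three roles lands in the account you expect by comparing the account IDs in the planned role ARNs against the providers you mapped, since an alias mis-wired to the wrong account would still apply cleanly and only show up later as a failed assume-role or as permissions granted in the wrong place.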
