tomarv2/terraform-aws-iam-role

Terraform module for AWS IAM role

Versions

  • Module tested for Terraform 1.0.1.
  • AWS provider version 4.35.
  • main branch: Provider versions not pinned to keep up with Terraform releases.
  • tags releases: Tags are pinned with versions (use ).

Usage

Option 1:

terraform init
terraform plan -var='teamid=tryme' -var='prjid=project1'
terraform apply -var='teamid=tryme' -var='prjid=project1'
terraform destroy -var='teamid=tryme' -var='prjid=project1'

Note: With this option, please take care of remote state storage.

Option 2:

Recommended method (stores remote state in S3 using prjid and teamid to create directory structure):

  • Create a Python 3.8+ virtual environment:
python3 -m venv <venv name>
  • Install package:
pip install tfremote --upgrade
  • Set below environment variables:
export TF_AWS_BUCKET=<remote state bucket name>
export TF_AWS_BUCKET_REGION=us-west-2
export TF_AWS_PROFILE=<profile from ~/.aws/credentials>

or

  • Set below environment variables:
export TF_AWS_BUCKET=<remote state bucket name>
export TF_AWS_BUCKET_REGION=us-west-2
export AWS_ACCESS_KEY_ID=<aws_access_key_id>
export AWS_SECRET_ACCESS_KEY=<aws_secret_access_key>
  • Update the examples directory with the required values.

  • Run and verify the output before deploying:

tf -c=aws plan -var='teamid=foo' -var='prjid=bar'
  • Run below to deploy:
tf -c=aws apply -var='teamid=foo' -var='prjid=bar'
  • Run below to destroy:
tf -c=aws destroy -var='teamid=foo' -var='prjid=bar'
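
A pre-flight check for the Option 2 environment, as an added example that is not part of tfremote or of this module. The function names are hypothetical, and treating "profile and access keys both set" as an error is an assumption made here so the identity used for a run is never ambiguous.

```shell
#!/bin/sh
# Added example: validate the Option 2 environment before running `tf`.
# Echoes the credential mode ("profile" or "keys") and returns 0 when the
# environment is consistent; explains the problem on stderr and returns 1.
# Typical use: mode=$(tfremote_preflight) && tf -c=aws plan ...

# True when the named variable is non-empty and not a copied "<...>" placeholder.
_tfenv_usable() {
    eval "_v=\${$1:-}"
    case "$_v" in
        ''|'<'*'>') return 1 ;;
        *) return 0 ;;
    esac
}

tfremote_preflight() {
    # The state bucket and its region are needed in either credential mode.
    for _name in TF_AWS_BUCKET TF_AWS_BUCKET_REGION; do
        if ! _tfenv_usable "$_name"; then
            echo "preflight: $_name is unset, empty or still a placeholder" >&2
            return 1
        fi
    done

    _profile=no; _keys=no
    _tfenv_usable TF_AWS_PROFILE && _profile=yes
    if _tfenv_usable AWS_ACCESS_KEY_ID && _tfenv_usable AWS_SECRET_ACCESS_KEY; then
        _keys=yes
    elif [ -n "${AWS_ACCESS_KEY_ID:-}${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "preflight: both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY need real values" >&2
        return 1
    fi

    case "$_profile/$_keys" in
        yes/no) echo profile ;;
        no/yes) echo keys ;;
        yes/yes)
            # Assumption: mixing both modes is rejected rather than guessed at.
            echo "preflight: set TF_AWS_PROFILE or the access key pair, not both" >&2
            return 1 ;;
        *)
            echo "preflight: no credentials configured" >&2
            return 1 ;;
    esac
}
```

The profile mode keeps long-lived keys out of the shell environment and history, so it is the safer of the two when both are available.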

Note: Read more on tfremote. Please refer to the examples directory for references.

Requirements

Name | Version
terraform | >= 1.0.1
aws | ~> 4.35

Providers

Name | Version
aws | ~> 4.35

Modules

No modules.

Resources

Name | Type
aws_iam_instance_profile.this | resource
aws_iam_role.this | resource
aws_iam_role_policy_attachment.managed_policy | resource
aws_iam_policy_document.instance | data source

Inputs

Name | Description | Type | Default | Required
config | IAM roles configuration | map(any) | {} | no
extra_tags | Additional tags to associate | map(string) | {} | no

Outputs

Name | Description
instance_profile_name | Instance profile name
role_arn | ARN of the IAM Role
role_name | Name of the IAM Role
role_unique_id | ARN Unique ID of IAM Role