Skip to content

Latest commit

 

History

History
122 lines (100 loc) · 3.41 KB

README.md

File metadata and controls

122 lines (100 loc) · 3.41 KB

AWS IAM Role inline Terraform module

Terraform module for creating AWS IAM Roles with inline (heredoc) syntax

terraform v0.12.x

Usage

EC2

module "iam" {
  source = "baikonur-oss/iam-nofile/aws"
  
  type = "lambda"
  name = "lambda-function"

  policy_json = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecs:CreateCluster",
        "ecs:DeregisterContainerInstance",
        "ecs:DiscoverPollEndpoint",
        "ecs:Poll",
        "ecs:RegisterContainerInstance",
        "ecs:StartTelemetrySession",
        "ecs:Submit*",
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

Lambda

module "iam" {
  source = "baikonur-oss/iam-nofile/aws"
  
  type = "lambda"
  name = "lambda-function"

  policy_json = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:*:*:*"
            ]
        }
    ]
}
EOF
}

Version pinning

Terraform Module Registry

Use version parameter to pin to a specific version, or to specify a version constraint when pulling from Terraform Module Registry (source = baikonur-oss/iam-nofile/aws). For more information, refer to Module Versions section of Terraform Modules documentation.

GitHub URI

Make sure to use ?ref= version pinning in module source URI when pulling from GitHub. Pulling from GitHub is especially useful for development, as you can pin to a specific branch, tag or commit hash. Example: source = github.com/baikonur-oss/terraform-aws-iam-nofile?ref=v1.0.0

For more information on module version pinning, see Selecting a Revision section of Terraform Modules documentation.

Inputs

Name Description Type Default Required
name Resource name string n/a yes
policy_json IAM Role Policy Document (JSON) string n/a yes
type IAM Role type: ec2/lambda/etc. Used for assume_role_policy principal; service names that have *.amazonaws.com identifiers should work. string n/a yes

Outputs

Name Description
arn IAM Role ARN
name IAM Role name

Contributing

Make sure to have following tools installed:

macOS

brew install pre-commit terraform terraform-docs

# set up pre-commit hooks by running below command in repository root
pre-commit install