Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 5.0.0 |

Name | Version |
---|---|
aws | >= 5.0.0 |

No modules.

Name | Type |
---|---|
aws_iam_instance_profile.default | resource |
aws_iam_policy.default | resource |
aws_iam_role.default | resource |
aws_iam_role_policy_attachment.default | resource |
aws_iam_role_policy_attachment.managed | resource |
aws_iam_policy_document.assume_role | data source |
aws_iam_policy_document.assume_role_aggregated | data source |
aws_iam_policy_document.default | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
assume_role_actions | The IAM action to be granted by the AssumeRole policy | list(string) | [ | no |
assume_role_conditions | List of conditions for the assume role policy | list(object({ | [] | no |
instance_profile_enabled | Create EC2 Instance Profile for the role | bool | false | no |
managed_policy_arns | List of managed policies to attach to created role | set(string) | [] | no |
max_session_duration | The maximum session duration (in seconds) for the role. Can have a value from 1 hour to 12 hours | number | 3600 | no |
name | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. This is the only ID element not also included as a tag. The "name" tag is set to the full id string. There is no tag with the value of the name input. | string | n/a | yes |
path | Path to the role and policy. See IAM Identifiers for more information. | string | "/" | no |
permissions_boundary | ARN of the policy that is used to set the permissions boundary for the role | string | "" | no |
policy_description | The description of the IAM policy that is visible in the IAM policy manager | string | "" | no |
policy_document_count | Number of policy documents (length of policy_documents list) | number | 1 | no |
policy_documents | List of JSON IAM policy documents | list(string) | [] | no |
policy_name | The name of the IAM policy that is visible in the IAM policy manager | string | null | no |
principals | Map of service name as key and a list of ARNs to allow assuming the role as value (e.g. map(AWS, list(arn:aws:iam:::role/admin))) | map(list(string)) | {} | no |
role_description | The description of the IAM role that is visible in the IAM role manager | string | n/a | yes |
tags | Additional tags (e.g. {'BusinessUnit': 'XYZ'}). Neither the tag keys nor the tag values will be modified by this module. | map(string) | {} | no |

Name | Description |
---|---|
arn | The Amazon Resource Name (ARN) specifying the role |
id | The stable and unique string identifying the role |
instance_profile | Name of the EC2 instance profile (if enabled) |
name | The name of the IAM role created |
policy | Role policy document in JSON format. Outputs always, independent of enabled variable |