iam-role
cloudposse/iam-role/aws
A Terraform module that creates an IAM role with the provided JSON IAM policy documents.
Warning

- If `var.enabled` is set to `false`, the module can be used as an IAM Policy Document Aggregator, because `output.policy` always aggregates `var.policy_documents`.
- The size of the `var.policy_documents` list is limited to 10.

Usage

This example creates a role named `eg-prod-app` with a policy that grants read-write access to an S3 bucket, and allows the entities specified in `principals_arns` to assume the role.
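A sketch of the usage described above, added here as an example and not taken from the module's own documentation. The `principals` and `namespace` input names are assumptions, and the bucket name and account ID are constructed placeholders.

```hcl
# Added example: bucket name and account ID below are constructed placeholders.
data "aws_iam_policy_document" "bucket_rw" {
  statement {
    sid       = "ObjectReadWrite"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = ["arn:aws:s3:::example-bucket/*"]
  }

  statement {
    sid       = "ListBucket"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-bucket"]
  }
}

module "role" {
  source = "cloudposse/iam-role/aws"
  # version = "x.x.x"  # placeholder: pin to a release you have reviewed

  # ID elements; with use_fullname = true (the default) the role is named eg-prod-app.
  namespace = "eg"
  stage     = "prod"
  name      = "app"

  role_description   = "Read-write access to example-bucket for the app workers"
  policy_description = "Read-write access to example-bucket"

  # Assumed input name (the text above says principals_arns): who may assume the role.
  # Name specific roles rather than an account root or "*".
  principals = {
    AWS = ["arn:aws:iam::111111111111:role/workers"]
  }

  # At most 10 documents; keep the count equal to the list length.
  policy_documents      = [data.aws_iam_policy_document.bucket_rw.json]
  policy_document_count = 1

  # The default also grants sts:TagSession; drop it when callers do not pass session tags.
  assume_role_actions = ["sts:AssumeRole"]
}

output "role_arn" {
  value = module.role.arn
}
```

Scoping `resources` to one bucket and `principals` to one named role keeps both the permissions policy and the trust policy reviewable in a single plan diff.
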
| Name | Type | Description | Default |
|---|---|---|---|
| role_description | string | The description of the IAM role that is visible in the IAM role manager | required |
| policy_description | string | The description of the IAM policy that is visible in the IAM policy manager | "" |
| path | string | Path to the role and policy. See [IAM Identifiers](https://docs.aws.amazon.com/I | "/" |
| context | any | Single object for setting entire context at once. See description of individual | { "additional_tag_map": {}, "attribu |
| id_length_limit | number | Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. | null |
| assume_role_policy | string | A JSON assume role policy document. If set, this will be used as the assume role | null |
| stage | string | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'bu | null |
| name | string | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi | null |
| managed_policy_arns | set(string) | List of managed policies to attach to created role | [] |
| inline_policy_enabled | bool | Whether or not to enable an inline policy instead of a reusable managed policy | false |
| attributes | list(string) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, | [] |
| policy_document_count | number | Number of policy documents (length of policy_documents list) | 1 |
| policy_name | string | The name of the IAM policy that is visible in the IAM policy manager | null |
| additional_tag_map | map(string) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not add | {} |
| descriptor_formats | any | Describe additional descriptors to be output in the `descriptors` output map. Ma | {} |
| use_fullname | bool | If set to 'true' then the full ID for the IAM role name (e.g. `[var.namespace]-[ | true |
| assume_role_actions | list(string) | The IAM action to be granted by the AssumeRole policy | [ "sts:AssumeRole", "sts:TagSession" |
| environment | string | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'st | null |
| delimiter | string | Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` | null |
| tags | map(string) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the t | {} |
| label_value_case | string | Controls the letter case of ID elements (labels) as included in `id`, set as tag | null |

| Name | Description |
|---|---|
| name | The name of the IAM role created |
| id | The stable and unique string identifying the role |
| arn | The Amazon Resource Name (ARN) specifying the role |
| policy | Role policy document in JSON format. Always output, independent of the `enabled` variable |
| instance_profile | Name of the EC2 profile (if enabled) |