iam-cross-account

cytopia/iam-cross-account/aws

Terraform Module HCL AWS

This Terraform module creates AWS cross-account assumable roles with multiple policies specified via files.

Install
module "iam-cross-account" {
  source  = "cytopia/iam-cross-account/aws"
  version = "0.1.3"
}
README

Terraform module: AWS IAM cross-account

This Terraform module creates roles and policies in your target account. The roles can be assumed from a source account specified by account id, role name and role path. Multiple policies can be attached to the role in your target account, and their definitions must be specified from files. See usage or examples for more detail.

Note: Policy attachments can be done declaratively (exclusive) or imperatively (shared).

Quick setup

``hcl module "iam_cross_account_role" { source = "g

Inputs (13)
| Name | Type | Description | Default |
|---|---|---|---|
| policies | any | | required |
| name | any | The name of the role. | required |
| assumer_account_id | any | The AWS account id/number of the assuming account that wants to assume into belo | required |
| assumer_account_role_name | any | The IAM role in the assuming account that is allowed to assume into the below de | required |
| force_detach_policies | any | Specifies to force detaching any policies the role has before destroying it. | true |
| description | any | The description of the role. | "Managed by Terraform" |
| default_policy_path | any | The default path under which to create the policy if not specified in the polici | "/" |
| default_policy_desc | any | The description of the policy. | "Managed by Terraform" |
| path | any | The path under which to create the role. You can use a single path, or nest mult | "/" |
| max_session_duration | any | The maximum session duration (in seconds) that you want to set for the specified | "3600" |
| exclusive_policy_attachment | any | If true, the aws_iam_policy_attachment resource creates exclusive attachments of | true |
| tags | any | Key-value mapping of tags for the IAM role. | {} |
| assumer_account_role_path | any | The IAM role path in the assuming account of the role that is allowed to assume | "/" |
Outputs (24)
cross_account_imperative_policy_attachment_role_names — A list of role names of shared policy attachments.
assumer_account_role_name — The IAM role in the assuming account that is allowed to assume into the below defined role of the ta
cross_account_role_name — The name of the role.
cross_account_role_session_duration — The maximum session duration (in seconds) that you want to set for the specified role. This setting
cross_account_policy_names — A list of names of the policies.
cross_account_policy_paths — A list of paths of the policies.
cross_account_exclusive_policy_attachment_role_names — A list of role names of exclusive policy attachments.
cross_account_imperative_policy_attachment_policy_arns — A list of ARNs of shared policy attachments.
cross_account_role_arn — The Amazon Resource Name (ARN) specifying the role.
assumer_account_id — The AWS account id/number of the assuming account that wants to assume into below defined role of th
cross_account_role_force_detach_policies — Specifies to force detaching any policies the role has before destroying it.
cross_account_policy_arns — A list of ARNs assigned by AWS to the policies.
cross_account_policy_policies — A list of the policy definitions.
cross_account_imperative_policy_attachment_names — A list of names of shared policy attachments.
cross_account_exclusive_policy_attachment_names — A list of names of exclusive policy attachments.
assumer_account_role_arn — The AWS account ARN of the assuming account that wants to assume into below defined role of the targ
assumer_account_role_path — The IAM role path in the assuming account of the role that is allowed to assume into the below defin
cross_account_role_id — The stable and unique string identifying the role.
cross_account_role_path — The path to the role.
cross_account_role_assume_role_policy — The policy that grants an entity permission to assume the role.
cross_account_policy_ids — A list of unique IDs of the policies.
cross_account_exclusive_policy_attachment_ids — A list of unique IDs of exclusive policy attachments.
cross_account_exclusive_policy_attachment_policy_arns — A list of ARNs of exclusive policy attachments.
cross_account_imperative_policy_attachment_ids — A list of unique IDs of shared policy attachments.
Resources (4)
aws_iam_policy, aws_iam_policy_attachment, aws_iam_role, aws_iam_role_policy_attachment
Details
Framework: Terraform Module
Language: HCL
Version: 0.1.3
Cloud: AWS
Stars: 6
Forks: 6
Total downloads: 6.5k
Inputs: 13
Outputs: 24
Resources: 4
Examples: 1
License: MIT
Namespace: cytopia
Updated