Skip to main content
Version: v1.8

AWS IAM-ASSUMABLE-ROLE

Description

Terraform module which creates IAM resources on AWS

Specification

Properties

NameDescriptionTypeRequiredDefault
admin_role_policy_arnPolicy ARN to use for admin rolestringfalse
attach_admin_policyWhether to attach an admin policy to a roleboolfalse
attach_poweruser_policyWhether to attach a poweruser policy to a roleboolfalse
attach_readonly_policyWhether to attach a readonly policy to a roleboolfalse
create_instance_profileWhether to create an instance profileboolfalse
create_roleWhether to create a roleboolfalse
custom_role_policy_arnsList of ARNs of IAM policies to attach to IAM rolelist(string)false
custom_role_trust_policyA custom role trust policystringfalse
force_detach_policiesWhether policies should be detached from this role when destroyingboolfalse
max_session_durationMaximum CLI/API session duration in seconds between 3600 and 43200numberfalse
mfa_ageMax age of valid MFA (in seconds) for roles which require MFAnumberfalse
number_of_custom_role_policy_arnsNumber of IAM policies to attach to IAM rolenumberfalse
poweruser_role_policy_arnPolicy ARN to use for poweruser rolestringfalse
readonly_role_policy_arnPolicy ARN to use for readonly rolestringfalse
role_descriptionIAM Role descriptionstringfalse
role_nameIAM role namestringfalse
role_pathPath of IAM rolestringfalse
role_permissions_boundary_arnPermissions boundary ARN to use for IAM rolestringfalse
role_requires_mfaWhether role requires MFAboolfalse
role_sts_externalidSTS ExternalId condition values to use with a role (when MFA is not required)anyfalse
tagsA map of tags to add to IAM role resourcesmap(string)false
trusted_role_actionsActions of STSlist(string)false
trusted_role_arnsARNs of AWS entities who can assume these roleslist(string)false
trusted_role_servicesAWS Services that can assume these roleslist(string)false
writeConnectionSecretToRefThe secret which the cloud resource connection will be written towriteConnectionSecretToReffalse

writeConnectionSecretToRef

NameDescriptionTypeRequiredDefault
nameThe secret name which the cloud resource connection will be written tostringtrue
namespaceThe secret namespace which the cloud resource connection will be written tostringfalse