adyxax/tofu-module-aws-iam-ci-user
1
0
Fork 0
Code Issues Pull requests Releases 3 Activity Actions
No description
7 commits 1 branch 3 tags 61 KiB
Find a file
Exact
Julien Dessaux 5cabb32839
All checks were successful
main / test (push) Successful in 48s
Details
chore(infrastructure): upgrade aws provider to 6.2.0
2025-07-09 00:40:35 +02:00
.forgejo/workflows feat(module): initial import 2025-04-11 11:14:41 +02:00
infrastructure/tofu chore(infrastructure): upgrade aws provider to 6.2.0 2025-07-09 00:40:35 +02:00
.gitignore feat(module): initial import 2025-04-11 11:14:41 +02:00
CHANGELOG.md feat(module): add provisioning of the AWS IAM user access key to a Forgejo runner repository's secret and variable 2025-07-09 00:40:25 +02:00
LICENSE feat(module): initial import 2025-04-11 11:14:41 +02:00
main.tf feat(module): add provisioning of the AWS IAM user access key to a Forgejo runner repository's secret and variable 2025-07-09 00:40:25 +02:00
outputs.tf feat(module): initial import 2025-04-11 11:14:41 +02:00
providers.tf feat(module): add provisioning of the AWS IAM user access key to a Forgejo runner repository's secret and variable 2025-07-09 00:40:25 +02:00
README.md feat(module): add provisioning of the AWS IAM user access key to a Forgejo runner repository's secret and variable 2025-07-09 00:40:25 +02:00
variables.tf feat(module): add provisioning of the AWS IAM user access key to a Forgejo runner repository's secret and variable 2025-07-09 00:40:25 +02:00

README.md

AWS IAM CI user

This module creates and manages an IAM user in a root AWS account and its corresponding roles in sub-accounts.

It provides a default set of policies allowing my Forgejo workflows to run tests and continuous integration tasks on AWS.

Usage example

module "aws_iam_ci_user" {
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.1.0"

  core_policy_statements = jsonencode([
    {
      Action   = "route53:*"
      Effect   = "Allow"
      Resource = "*"
    }
  ])
  forgejo_repository = {
    name  = local.name
    owner = "adyxax"
  }
  name = local.name
  tests_policy_statements = jsonencode([
    {
      Action   = "acm:*"
      Effect   = "Allow"
      Resource = "*"
    },
  ])
}