OpenTofu module to manage continuous integration users on AWS.

Find a file

Julien Dessaux 2c217516cc All checks were successful main / test (push) Successful in 1m44s Details chore(infrastructure): update dependencies		2025-09-09 11:29:17 +02:00
.forgejo/workflows	chore(infrastructure): update dependencies	2025-09-09 11:29:17 +02:00
infrastructure/tofu	chore(infrastructure): update dependencies	2025-09-09 11:29:17 +02:00
.gitignore	feat(module): initial import	2025-04-11 11:14:41 +02:00
CHANGELOG.md	breaking(module): removed `var.name` and renamed the IAM user and roles	2025-09-09 10:17:56 +02:00
LICENSE	feat(module): initial import	2025-04-11 11:14:41 +02:00
main.tf	breaking(module): removed `var.name` and renamed the IAM user and roles	2025-09-09 10:17:56 +02:00
outputs.tf	feat(module): initial import	2025-04-11 11:14:41 +02:00
providers.tf	feat(module): add provisioning of the AWS IAM user access key to a Forgejo runner repository's secret and variable	2025-07-09 00:40:25 +02:00
README.md	breaking(module): removed `var.name` and renamed the IAM user and roles	2025-09-09 10:17:56 +02:00
variables.tf	breaking(module): removed `var.name` and renamed the IAM user and roles	2025-09-09 10:17:56 +02:00

README.md

AWS IAM CI user

This module creates and manages an IAM user in a root AWS account and its corresponding roles in sub-accounts.

It provides a default set of policies allowing my Forgejo workflows to run tests and continuous integration tasks on AWS.

Usage example

module "aws_iam_ci_user" {
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.1.0"

  core_policy_statements = jsonencode([
    {
      Action   = "route53:*"
      Effect   = "Allow"
      Resource = "*"
    }
  ])
  forgejo_repository = {
    name  = local.name
    owner = "adyxax"
  }
  tests_policy_statements = jsonencode([
    {
      Action   = "acm:*"
      Effect   = "Allow"
      Resource = "*"
    },
  ])
}