OpenTofu module to manage continuous integration users on AWS.

AWS IAM CI user

This module creates and manages an IAM user in a root AWS account and its corresponding roles in sub-accounts.

It provides a default set of policies allowing my Forgejo workflows to run tests and continuous integration tasks on AWS.

Usage example

module "aws_iam_ci_user" {
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.1.0"

  core_policy_statements = jsonencode([
    {
      Action   = "route53:*"
      Effect   = "Allow"
      Resource = "*"
    }
  ])
  forgejo_repository = {
    name  = local.name
    owner = "adyxax"
  }
  tests_policy_statements = jsonencode([
    {
      Action   = "acm:*"
      Effect   = "Allow"
      Resource = "*"
    },
  ])
}
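
A least-privilege variant of the usage example above, added here and not taken from the module's repository. It assumes the module attaches the supplied statements to IAM policies unchanged; the hosted zone ID, account ID, repository name and the chosen action lists are constructed placeholders to adapt to what the CI jobs actually call.

```hcl
locals {
  name       = "example-repo"    # constructed placeholder
  zone_id    = "Z0000000EXAMPLE" # constructed placeholder hosted zone ID
  account_id = "123456789012"    # constructed placeholder account ID
}

module "aws_iam_ci_user" {
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.1.0"

  core_policy_statements = jsonencode([
    {
      # Record management limited to a single hosted zone instead of route53:*
      Action   = ["route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets", "route53:GetHostedZone"]
      Effect   = "Allow"
      Resource = "arn:aws:route53:::hostedzone/${local.zone_id}"
    },
    {
      # Polling the status of a submitted change batch
      Action   = "route53:GetChange"
      Effect   = "Allow"
      Resource = "arn:aws:route53:::change/*"
    },
    {
      # Listing zones has no resource-level scoping, so "*" is required here
      Action   = "route53:ListHostedZones"
      Effect   = "Allow"
      Resource = "*"
    },
  ])
  forgejo_repository = {
    name  = local.name
    owner = "adyxax"
  }
  tests_policy_statements = jsonencode([
    {
      # Certificate operations limited to one account instead of acm:*
      Action   = ["acm:DescribeCertificate", "acm:DeleteCertificate", "acm:AddTagsToCertificate", "acm:ListTagsForCertificate"]
      Effect   = "Allow"
      Resource = "arn:aws:acm:*:${local.account_id}:certificate/*"
    },
    {
      # These two actions do not accept a certificate ARN as resource
      Action   = ["acm:RequestCertificate", "acm:ListCertificates"]
      Effect   = "Allow"
      Resource = "*"
    },
  ])
}
```

The access key this module provisions into the Forgejo repository is long-lived, so the statements passed here bound what a leaked CI secret can do.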