.forgejo/workflows chore(infrastructure): bootstrap CI 2025-04-12 07:56:07 +02:00
infrastructure/tofu chore(infrastructure): rename test role to avoid collision with tofu-module-aws-iam-ci-user 2025-04-12 08:29:44 +02:00
.gitignore feat(module): initial import 2025-04-11 00:14:56 +02:00
CHANGELOG.md feat(module): add output variable arn and deprecate output variable iam_role_arn 2025-04-12 07:56:02 +02:00
LICENSE feat(module): initial import 2025-04-11 00:14:56 +02:00
main.tf feat(module): initial import 2025-04-11 00:14:56 +02:00
main.tftest.hcl chore(infrastructure): rename test role to avoid collision with tofu-module-aws-iam-ci-user 2025-04-12 08:29:44 +02:00
outputs.tf feat(module): add output variable arn and deprecate output variable iam_role_arn 2025-04-12 07:56:02 +02:00
providers.tf feat(module): initial import 2025-04-11 00:14:56 +02:00
README.md feat(module): add output variable arn and deprecate output variable iam_role_arn 2025-04-12 07:56:02 +02:00
variables.tf feat(module): initial import 2025-04-11 00:14:56 +02:00

AWS IAM role

This module configures an IAM role in an AWS account. It works in conjunction with my tofu module for IAM users.

It provides a default policy allowing my Forgejo workflows to run tests and continuous integration tasks on AWS.

Usage example

module "aws_iam_role" {
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.1.0"

  name              = local.name
  policy_statements = jsonencode([
    {
      Action   = "acm:*"
      Effect   = "Allow"
      Resource = "*"
    },
  ])
}

Policies

The IAM role is granted the following permissions on the AWS account:

  • Access specified by the JSON-encoded list in var.policy_statements.
  • Read access to the role IAM object.
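
Because var.policy_statements is attached to the role as given, the list can be reviewed before it is passed to the module. The following is an added example, not part of this module: a small Python check that flags Allow statements granting a whole service on every resource. The function name, the finding messages and the sample statements are assumptions made for illustration.

```python
import json

def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def review_policy_statements(policy_statements_json):
    """Return (index, finding) tuples for statements that grant broad access."""
    statements = json.loads(policy_statements_json)
    if isinstance(statements, dict):  # tolerate a single statement object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((index, "Allow with NotAction/NotResource grants everything not listed"))
        resources = _as_list(stmt.get("Resource"))
        conditioned = bool(stmt.get("Condition"))
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append((index, "Action '*' allows every API call"))
            elif action.endswith(":*") and "*" in resources and not conditioned:
                findings.append((index, f"{action} on Resource '*' with no Condition"))
    return findings

# Constructed sample input: statement 0 is the usage example from this README,
# statements 1 and 2 are illustrative (the bucket name is a placeholder).
SAMPLE = json.dumps([
    {"Action": "acm:*", "Effect": "Allow", "Resource": "*"},
    {"Action": ["acm:DescribeCertificate", "acm:ListCertificates"],
     "Effect": "Allow", "Resource": "*"},
    {"Action": "s3:*", "Effect": "Allow",
     "Resource": "arn:aws:s3:::example-ci-bucket/*"},
])

if __name__ == "__main__":
    for index, finding in review_policy_statements(SAMPLE):
        print(f"statement {index}: {finding}")
```

Only the first sample statement is reported; the other two are scoped by action or by resource.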