Compare commits


3 commits
1.1.0 ... main

3 changed files with 9 additions and 4 deletions


@ -13,7 +13,7 @@ continuous integration tasks on AWS.
module "aws_iam_role" {
source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.1.0"
name = local.name
name = local.name
policy_statements = jsonencode([
{
Action = "acm:*"
@ -24,6 +24,11 @@ module "aws_iam_role" {
}
```
## Assume role policy
This role is designed to be used with AWS Identity Center and provisions a trust
relationship to the root organization account.
## Policies
The IAM role is granted the following permissions on the AWS account:


@ -8,12 +8,12 @@ module "aws_iam_ci_user" {
aws.root = aws.all["root"]
aws.tests = aws.all["tests"]
}
source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.0.0"
source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.0.1"
name = local.name
tests_policy_statements = jsonencode([{
Action = "iam:*"
Effect = "Allow"
Resource = "arn:aws:iam::*:role/tftest",
Resource = "arn:aws:iam::*:role/tftest-role",
}])
}
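Review bot: The renamed `Resource = "arn:aws:iam::*:role/tftest-role"` line still sits under `Action = "iam:*"` with a wildcard account id, so the CI user keeps every IAM action on that role, including rewriting its trust policy and attaching or inlining arbitrary policies, in whichever account these statements end up attached (presumably the tests account, judging by the `tests_policy_statements` name). If the test run only needs to create, read, update and delete the role, listing those actions instead of `iam:*` and pinning the account id in the ARN would limit what a leaked CI credential can do with the test role. The role name is now duplicated between this ARN and the test's `variables` block (`name = "tftest-role"`), which is why this change had to touch both; a comment such as `# keep in sync with name in the tftest variables block` above the statement would make that coupling visible. The `module "aws_iam_ci_user"` block begins before this hunk, so any other statements it carries are not visible here.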


@ -11,5 +11,5 @@ run "main" {
}
variables {
name = "tftest"
name = "tftest-role"
}