# AWS IAM role

This module configures an IAM role in an AWS account. It works conjointly with my [tofu module for IAM user](https://git.adyxax.org/adyxax/tofu-module-aws-iam-user). It provides a default policy allowing my Forgejo workflows to run tests and continuous integration tasks on AWS.

## Usage example

```hcl
module "aws_iam_role" {
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.1.0"

  name = local.name
  policy_statements = jsonencode([
    {
      Action   = "acm:*"
      Effect   = "Allow"
      Resource = "*"
    },
  ])
}
```

## Policies

The IAM role is granted the following permissions on the AWS account:

- Access specified by the `var.policy_statements` JSON encoded list.
- Read the role IAM object.