# AWS IAM role

This module configures an IAM role in an AWS account. It is meant to be used
together with my [tofu module for IAM
users](https://git.adyxax.org/adyxax/tofu-module-aws-iam-user).

It provides a default policy allowing my Forgejo workflows to run tests and
continuous integration tasks on AWS.

## Usage example

``` hcl
module "aws_iam_role" {
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.1.0"

  name              = local.name
  policy_statements = jsonencode([
    {
      Action   = "acm:*"
      Effect   = "Allow"
      Resource = "*"
    },
  ])
}
```

## Policies

The IAM role is granted the following permissions on the AWS account:
- The access specified by the `var.policy_statements` JSON-encoded list.
- Read access to the role's own IAM object.
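
A narrower `policy_statements` value than the `acm:*` wildcard from the usage example, added here as an illustration and not taken from the module's own documentation. It assumes the module passes each statement through unchanged into the role policy (so list-valued `Action` is accepted); the region and account ID are constructed placeholders.

```hcl
module "aws_iam_role" {
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.1.0"

  name = local.name
  policy_statements = jsonencode([
    {
      # acm:ListCertificates does not support resource-level permissions,
      # so this one read-only action keeps Resource = "*".
      Action   = ["acm:ListCertificates"]
      Effect   = "Allow"
      Resource = "*"
    },
    {
      # Everything else is limited to the actions a CI job needs and to
      # certificates in a single region and account.
      # Assumption: eu-west-1 and 111122223333 are placeholders to replace.
      Action = [
        "acm:DescribeCertificate",
        "acm:RequestCertificate",
        "acm:AddTagsToCertificate",
        "acm:DeleteCertificate",
      ]
      Effect   = "Allow"
      Resource = "arn:aws:acm:eu-west-1:111122223333:certificate/*"
    },
  ])
}
```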