AWS IAM role

This module configures an IAM role in an AWS account. It is designed to work together with my tofu module for IAM user.

It provides a default policy allowing my Forgejo workflows to run tests and continuous integration tasks on AWS.

Usage example

module "aws_iam_role" {
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.1.0"

  name            = local.name
  policy_statements = jsonencode([
    {
      Action   = "acm:*"
      Effect   = "Allow"
      Resource = "*"
    },
  ])
}

Policies

The IAM role is granted the following permissions on the AWS account:

  • Access specified by the var.policy_statements JSON-encoded list.
  • Read the role IAM object.
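
The usage example above grants acm:* on every resource. As an added example (not part of this module's repository), the same two inputs can carry statements scoped to specific actions, one region and the current account's certificates. The local values, the region, the Sid names and the choice of read-only ACM actions are constructed for illustration, and the example assumes the module passes each statement through to the role policy unchanged, including Sid and Condition keys.

```hcl
# Added example: a narrower policy_statements value for a workflow that only
# needs to inspect ACM certificates. Not taken from the module's repository.

data "aws_caller_identity" "current" {}

locals {
  name       = "ci-acm-readonly" # constructed sample value
  acm_region = "eu-west-1"       # constructed sample value
}

module "aws_iam_role" {
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.1.0"

  name = local.name
  policy_statements = jsonencode([
    {
      # acm:ListCertificates does not support resource-level permissions,
      # so Resource stays "*" and the region condition does the scoping.
      Sid      = "ListCertificatesInOneRegion"
      Action   = ["acm:ListCertificates"]
      Effect   = "Allow"
      Resource = "*"
      Condition = {
        StringEquals = { "aws:RequestedRegion" = local.acm_region }
      }
    },
    {
      # These actions accept a certificate ARN, so they are limited to
      # certificates of this account in the chosen region.
      Sid = "ReadCertificates"
      Action = [
        "acm:DescribeCertificate",
        "acm:GetCertificate",
        "acm:ListTagsForCertificate",
      ]
      Effect   = "Allow"
      Resource = "arn:aws:acm:${local.acm_region}:${data.aws_caller_identity.current.account_id}:certificate/*"
    },
  ])
}
```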