# AWS IAM role

This module configures an IAM role in an AWS account. It works conjointly with
my [tofu module for IAM user](https://git.adyxax.org/adyxax/tofu-module-aws-iam-user).

It provides a default policy allowing my Forgejo workflows to run tests and
continuous integration tasks on AWS.

## Usage example

``` hcl
module "aws_iam_role" {
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.0.0"

  name = local.name
  policy_statements = jsonencode([
    {
      Action = "acm:*"
      Effect = "Allow"
      Resource = "*"
    },
  ])
}
```

## Policies

The IAM role is granted the following permissions on the AWS account:

- Access specified by the `var.policy_statements` JSON encoded list.
- Read the role IAM object.
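
Because the role receives exactly what the `var.policy_statements` list grants, that list is worth reviewing before it reaches the module. The following is an added example, not part of this module: a check that flags broad `Allow` statements in the JSON encoded list. The function names, the sample ARN and the finding wording are assumptions made for illustration.

```python
import json

# Constructed sample: what jsonencode() yields for the README's usage example,
# plus one narrower statement for contrast (the ARN is a placeholder).
SAMPLE = json.dumps([
    {"Action": "acm:*", "Effect": "Allow", "Resource": "*"},
    {"Action": ["acm:DescribeCertificate", "acm:ListTagsForCertificate"],
     "Effect": "Allow",
     "Resource": "arn:aws:acm:eu-west-1:111111111111:certificate/EXAMPLE"},
])


def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def review_statements(encoded):
    """Return (index, finding) pairs for broad Allow statements."""
    statements = json.loads(encoded)
    if not isinstance(statements, list):
        raise ValueError("policy_statements must be a JSON encoded list")
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "Allow with NotAction/NotResource"))
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
        if "*" in as_list(stmt.get("Resource", [])) and "Condition" not in stmt:
            findings.append((i, "Resource * with no Condition"))
    return findings


if __name__ == "__main__":
    for index, finding in review_statements(SAMPLE):
        print(f"statement {index}: {finding}")
```

Run against the usage example above, it reports the `acm:*` action and the unconditioned `Resource = "*"` on statement 0 and nothing on the narrower statement.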