Version: Next

AWS IAM-ASSUMABLE-ROLE-WITH-OIDC

Description

Terraform module which creates IAM resources on AWS. This component creates an IAM role that can be assumed through an OpenID Connect (OIDC) identity provider, so workloads such as Kubernetes service accounts or CI jobs can obtain AWS credentials without long-lived access keys.

Specification

Properties

| Name | Description | Type | Required | Default |
|---|---|---|---|---|
| aws_account_id | The AWS account ID where the OIDC provider lives; leave empty to use the account of the AWS provider | string | false | |
| create_role | Whether to create a role | bool | false | |
| force_detach_policies | Whether policies should be detached from this role when destroying | bool | false | |
| max_session_duration | Maximum CLI/API session duration in seconds, between 3600 and 43200 | number | false | |
| number_of_role_policy_arns | Number of IAM policies to attach to the IAM role | number | false | |
| oidc_fully_qualified_audiences | The audience to be added to the role policy. Set to sts.amazonaws.com for a cross-account assumable role. Leave empty otherwise. | set(string) | false | |
| oidc_fully_qualified_subjects | The fully qualified OIDC subjects to be added to the role policy | set(string) | false | |
| oidc_subjects_with_wildcards | The OIDC subjects using wildcards to be added to the role policy | set(string) | false | |
| provider_url | URL of the OIDC provider. Use provider_urls to specify several URLs. | string | false | |
| provider_urls | List of URLs of the OIDC providers | list(string) | false | |
| role_description | IAM role description | string | false | |
| role_name | IAM role name | string | false | |
| role_name_prefix | IAM role name prefix | string | false | |
| role_path | Path of the IAM role | string | false | |
| role_permissions_boundary_arn | Permissions boundary ARN to use for the IAM role | string | false | |
| role_policy_arns | List of ARNs of IAM policies to attach to the IAM role | list(string) | false | |
| tags | A map of tags to add to IAM role resources | map(string) | false | |
| writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | writeConnectionSecretToRef | false | |

writeConnectionSecretToRef

| Name | Description | Type | Required | Default |
|---|---|---|---|---|
| name | The secret name which the cloud resource connection will be written to | string | true | |
| namespace | The secret namespace which the cloud resource connection will be written to | string | false | |
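The following Application manifest is an added example of how these properties fit together; it is not taken from the page or from the component's own documentation. It creates a role that a single GitHub Actions workflow can assume. The account ID, organization and repository names, policy ARNs, role name and secret name are all assumed placeholders, and the OIDC identity provider for token.actions.githubusercontent.com is assumed to exist already in the target account.

```yaml
# Added example (not the project's own manifest). All ARNs, account IDs,
# org/repo names and secret names below are assumed placeholders.
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: gha-deploy-role
spec:
  components:
    - name: gha-deploy-role
      type: aws-iam-assumable-role-with-oidc
      properties:
        create_role: true
        role_name: gha-deploy-example                      # assumed name
        role_description: "Assumed by the example repo's GitHub Actions workflow"
        # Assumed OIDC provider. Use provider_urls instead if more than one
        # provider should be trusted by this role.
        provider_url: token.actions.githubusercontent.com
        aws_account_id: "123456789012"                     # assumed account ID
        # Pin the trust to one repository and one branch. The upstream module
        # matches fully qualified subjects with StringEquals, so pull requests,
        # other branches and other repositories in the org cannot assume the role.
        oidc_fully_qualified_subjects:
          - "repo:example-org/example-repo:ref:refs/heads/main"
        # sts.amazonaws.com is the audience GitHub's OIDC token carries when a
        # workflow requests credentials for AWS.
        oidc_fully_qualified_audiences:
          - sts.amazonaws.com
        # oidc_subjects_with_wildcards is deliberately left unset: a value such as
        # "repo:example-org/*" is matched with StringLike and would let every
        # repository in the organization assume this role.
        max_session_duration: 3600                         # shortest allowed value
        force_detach_policies: true
        # Least privilege: one scoped customer-managed policy, and a permissions
        # boundary capping what the role can ever be granted (both assumed ARNs).
        role_policy_arns:
          - arn:aws:iam::123456789012:policy/example-deploy
        number_of_role_policy_arns: 1                      # must match the list above
        role_permissions_boundary_arn: arn:aws:iam::123456789012:policy/example-boundary
        tags:
          owner: platform-team
        # Connection details are written to this Secret; name is required,
        # namespace is optional.
        writeConnectionSecretToRef:
          name: gha-deploy-role-conn                       # assumed secret name
          namespace: default
```

Apply it with `vela up -f <file>` and check `vela status gha-deploy-role`. Two things to verify before relying on the role: that `number_of_role_policy_arns` equals the length of `role_policy_arns`, since the module uses the count rather than the list length, and that the resulting trust policy contains only the exact subject and audience you intended, not a wildcard.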