Version: Next

AWS IAM-READ-ONLY-POLICY

Description

Terraform module which creates IAM resources on AWS

Specification

Properties

| Name | Description | Type | Required | Default |
|------|-------------|------|----------|---------|
| additional_policy_json | JSON policy document if you want to add custom actions | string | false | |
| allow_cloudwatch_logs_query | Allows StartQuery/StopQuery/FilterLogEvents CloudWatch actions | bool | false | |
| allow_predefined_sts_actions | Allows GetCallerIdentity/GetSessionToken/GetAccessKeyInfo sts actions | bool | false | |
| allow_web_console_services | Allows List/Get/Describe/View actions for services used when browsing AWS console (e.g. resource-groups, tag, health services) | bool | false | |
| allowed_services | List of services to allow Get/List/Describe/View options. Service name should be the same as corresponding service IAM prefix. See what it is for each service here https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html | list(string) | true | |
| create_policy | Whether to create the IAM policy | bool | false | |
| description | The description of the policy | string | false | |
| name | The name of the policy | string | false | |
| path | The path of the policy in IAM | string | false | |
| tags | A map of tags to add to all resources. | map(string) | false | |
| web_console_services | List of web console services to allow | list(string) | false | |
| writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | writeConnectionSecretToRef | false | |

writeConnectionSecretToRef

| Name | Description | Type | Required | Default |
|------|-------------|------|----------|---------|
| name | The secret name which the cloud resource connection will be written to | string | true | |
| namespace | The secret namespace which the cloud resource connection will be written to | string | false | |
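
The `additional_policy_json` property accepts any policy document, so it can widen a policy that is otherwise limited to Get/List/Describe/View actions. A pre-apply check for that value follows as an added example; it is not part of the module or of this page. The read-only rule is an assumption built from the verbs and actions named in the property descriptions, and `audit_additional_policy`, `is_read_only` and the sample policy are constructed for illustration.

```python
import json

# Verbs the page lists for allowed_services (assumed to be the read-only set).
READ_VERBS = ("get", "list", "describe", "view")
# Actions the page names for allow_cloudwatch_logs_query and
# allow_predefined_sts_actions; treated as accepted here.
NAMED_EXTRAS = {
    "logs:startquery", "logs:stopquery", "logs:filterlogevents",
    "sts:getcalleridentity", "sts:getsessiontoken", "sts:getaccesskeyinfo",
}

def _as_list(value):
    """IAM allows a string or a list for Action and Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_read_only(action):
    """True if the action (IAM names are case-insensitive) stays within read verbs."""
    action = action.lower()
    if action in NAMED_EXTRAS:
        return True
    service, sep, verb = action.partition(":")
    if not sep or "*" in service or "?" in service:
        return False  # bare "*" or a wildcard service prefix
    # "s3:get*" passes; "s3:*" and "s3:g*" do not, since they can match writes.
    return verb.startswith(READ_VERBS)

def audit_additional_policy(policy_json):
    """Return (statement index, offending item) pairs for Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.append((i, "NotAction"))
        findings.extend((i, a) for a in _as_list(stmt.get("Action"))
                        if not is_read_only(a))
    return findings

# Constructed sample value for additional_policy_json.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "ec2:Describe*"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:PutObject", "iam:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
]})

if __name__ == "__main__":
    for index, item in audit_additional_policy(SAMPLE):
        print(f"Statement[{index}]: {item} is outside the read-only verb set")
```

A verb-based check only separates reads from writes: a `Get*` grant still returns data for services that store it (for example, `secretsmanager:GetSecretValue` matches `secretsmanager:Get*`), so the entries in `allowed_services` deserve the same review.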