


Terraform module which creates IAM resources on AWS



| Name | Description | Type | Required |
|------|-------------|------|----------|
| admin_role_name | IAM role with admin access | string | false |
| admin_role_path | Path of admin IAM role | string | false |
| admin_role_permissions_boundary_arn | Permissions boundary ARN to use for admin role | string | false |
| admin_role_policy_arns | List of policy ARNs to use for admin role | list(string) | false |
| admin_role_requires_mfa | Whether admin role requires MFA | bool | false |
| admin_role_tags | A map of tags to add to admin role | | |
| create_admin_role | Whether to create admin role | bool | false |
| create_poweruser_role | Whether to create poweruser role | bool | false |
| create_readonly_role | Whether to create readonly role | bool | false |
| force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
| max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
| mfa_age | Max age of valid MFA (in seconds) for roles which require MFA | number | false |
| poweruser_role_name | IAM role with poweruser access | string | false |
| poweruser_role_path | Path of poweruser IAM role | string | false |
| poweruser_role_permissions_boundary_arn | Permissions boundary ARN to use for poweruser role | string | false |
| poweruser_role_policy_arns | List of policy ARNs to use for poweruser role | list(string) | false |
| poweruser_role_requires_mfa | Whether poweruser role requires MFA | bool | false |
| poweruser_role_tags | A map of tags to add to poweruser role | | |
| readonly_role_name | IAM role with readonly access | string | false |
| readonly_role_path | Path of readonly IAM role | string | false |
| readonly_role_permissions_boundary_arn | Permissions boundary ARN to use for readonly role | string | false |
| readonly_role_policy_arns | List of policy ARNs to use for readonly role | list(string) | false |
| readonly_role_requires_mfa | Whether readonly role requires MFA | bool | false |
| readonly_role_tags | A map of tags to add to readonly role | | |
| trusted_role_arns | ARNs of AWS entities who can assume these roles | list(string) | false |
| trusted_role_services | AWS Services that can assume these roles | list(string) | false |
| writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | writeConnectionSecretToRef | false |


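| Name | Description | Type | Required |
|------|-------------|------|----------|
| name | The secret name which the cloud resource connection will be written to | string | true |
| namespace | The secret namespace which the cloud resource connection will be written to | string | false |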