A Terraform module that creates an IAM role with the provided JSON IAM policy documents.



| Name | Description | Type | Required |
|------|-------------|------|----------|
| assume_role_actions | The IAM action to be granted by the AssumeRole policy | list(string) | false |
| assume_role_conditions | List of conditions for the assume role policy | `list(object({ test = string, variable = string, values = list(string) }))` | false |
| instance_profile_enabled | Create EC2 Instance Profile for the role | bool | false |
| managed_policy_arns | List of managed policies to attach to created role | set(string) | false |
| max_session_duration | The maximum session duration (in seconds) for the role. Can have a value from 1 hour to 12 hours | number | false |
| path | Path to the role and policy. See IAM Identifiers for more information. | string | false |
| permissions_boundary | ARN of the policy that is used to set the permissions boundary for the role | string | false |
| policy_description | The description of the IAM policy that is visible in the IAM policy manager | string | false |
| policy_document_count | Number of policy documents (length of policy_documents list) | number | false |
| policy_documents | List of JSON IAM policy documents | list(string) | false |
| principals | Map of service name as key and a list of ARNs to allow assuming the role as value (e.g. map(AWS, list(arn:aws:iam:::role/admin))) | map(list(string)) | false |
| role_description | The description of the IAM role that is visible in the IAM role manager | string | true |
| role_tags_enabled | Enable/disable tags on IAM roles | string | false |
| use_fullname | If set to 'true' then the full ID for the IAM role name (e.g. [var.namespace]-[var.environment]-[var.stage]) will be used. Otherwise, will be used for the IAM role name. | bool | false |
| writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | writeConnectionSecretToRef | false |


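| Name | Description | Type | Required |
|------|-------------|------|----------|
| name | The secret name which the cloud resource connection will be written to | string | true |
| namespace | The secret namespace which the cloud resource connection will be written to | string | false |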
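
A pre-apply check over a set of these inputs, as an added example that is not part of the module or its documentation. It enforces the constraints the table states (required `role_description`, the 1 to 12 hour session range, `policy_document_count` matching `policy_documents`) and adds three assumed house rules: a permissions boundary must be set, a wildcard principal needs `assume_role_conditions`, and no policy document may allow `*` on `*`. The function names and the sample values are constructed for illustration.

```python
import json

MIN_SESSION, MAX_SESSION = 3600, 12 * 3600  # page: 1 hour to 12 hours, in seconds

# Constructed sample input; keys are the module's input names from the table.
SAMPLE = {
    "role_description": "CI deploy role",
    "max_session_duration": 86400,
    "principals": {"AWS": ["*"]},
    "policy_document_count": 2,
    "policy_documents": ['{"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}'],
}


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def lint_role_inputs(inputs):
    """Return findings for a dict of module inputs."""
    findings = []
    if not inputs.get("role_description"):
        findings.append("role_description is required")
    duration = inputs.get("max_session_duration")
    if duration is not None and not MIN_SESSION <= duration <= MAX_SESSION:
        findings.append("max_session_duration outside 3600-43200 seconds")
    docs = inputs.get("policy_documents", [])
    count = inputs.get("policy_document_count")
    if count is not None and count != len(docs):
        findings.append("policy_document_count != len(policy_documents)")
    if not inputs.get("permissions_boundary"):
        findings.append("permissions_boundary not set (hypothetical house rule)")
    # A wildcard principal with no conditions leaves the trust policy open.
    for kind, arns in inputs.get("principals", {}).items():
        if "*" in arns and not inputs.get("assume_role_conditions"):
            findings.append(f"principals[{kind}] contains '*' with no assume_role_conditions")
    for i, raw in enumerate(docs):
        try:
            statements = _as_list(json.loads(raw).get("Statement", []))
        except (ValueError, AttributeError):
            findings.append(f"policy_documents[{i}] is not a JSON policy object")
            continue
        for stmt in statements:
            if (isinstance(stmt, dict) and stmt.get("Effect") == "Allow"
                    and "*" in _as_list(stmt.get("Action", []))
                    and "*" in _as_list(stmt.get("Resource", []))):
                findings.append(f"policy_documents[{i}] allows Action * on Resource *")
    return findings
```

Calling `lint_role_inputs(SAMPLE)` reports every rule except the missing description; an empty list means the inputs passed all checks.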