Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 4.0 |

Name | Version |
---|---|
aws | >= 4.0 |

No modules.

Name | Description | Type | Default | Required |
---|---|---|---|---|
app_name | App name (e.g. Flux, Velero, etc.) | string | "" | no |
asm_secret_arns | ARNs of secrets in AWS Secrets Manager (ASM) to add to the policy | list(string) | [] | no |
assume_role_condition_test | Name of the IAM condition operator to evaluate when assuming the role | string | "StringEquals" | no |
attach_cloudwatch_policy | Determines whether to attach the CloudWatch permissions to the role | bool | false | no |
attach_dynamodb_policy | Determines whether to attach the DynamoDB policy to the role | bool | false | no |
attach_ec2_policy | Determines whether to attach the EC2 permissions to the role | bool | false | no |
attach_insights_policy | Determines whether to attach the CloudWatch Insights policy to the role | bool | false | no |
attach_s3_policy | Determines whether to attach the S3 policy to the role | bool | false | no |
attach_secretsmanager_policy | Determines whether to attach the Secrets Manager permissions to the role | bool | false | no |
attach_sops_policy | Determines whether to attach the SOPS policy to the role | bool | false | no |
attach_tags_policy | Determines whether to attach the tags permissions to the role | bool | false | no |
create_role | Whether to create a role | bool | true | no |
dynamodb_arn | DynamoDB table to allow access to | string | "" | no |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | true | no |
max_session_duration | Maximum CLI/API session duration in seconds, between 3600 and 43200 | number | null | no |
oidc_providers | Map of OIDC providers where each provider map should contain the provider, provider_arn, and namespace_service_accounts | any | { | no |
policy_name_prefix | IAM policy name prefix | string | "AmazonEKS_" | no |
role_description | IAM role description | string | null | no |
role_name | Name of IAM role | string | "vpc-cni" | no |
role_path | Path of IAM role | string | "/delegatedadmin/developer/" | no |
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | "arn:aws:iam::373346310182:policy/cms-cloud-admin/developer-boundary-policy" | no |
role_policy_arns | ARNs of any policies to attach to the IAM role | map(string) | {} | no |
s3_bucket_arns | List of S3 bucket ARNs to allow access to | list(string) | [ | no |
sops_arn | SOPS ARN to allow access to | string | "" | no |
sqs_read_write_arns | List of SQS ARNs to allow read/write access to | list(string) | [] | no |
tags | A map of tags to add to the IAM role | map(any) | {} | no |

Name | Description |
---|---|
iam_role_arn | ARN of IAM role |
iam_role_name | Name of IAM role |
iam_role_path | Path of IAM role |
iam_role_unique_id | Unique ID of IAM role |