feat: Added support for sts:ExternalId in modules/iam-assumable-role #90


LAKostis
Contributor

Description

  • Add support of sts:ExternalId

Motivation and Context

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html - sometimes service integrations require ExternalId instead of MFA.

Breaking Changes

None

How Has This Been Tested?

I've tested in my environment having this kind of setup:

module "iam_assume_role_in_prod_testrole" {
  source = "git::https://github.com/LAKostis/terraform-aws-iam.git//modules/iam-assumable-role?ref=feature/add-sts-externalid-support"

  trusted_role_arns = [
    "arn:aws:iam::${var.some_account_id}:root",
  ]

  create_role = true

  role_name         = "DatadogAWSIntegrationRole"
  role_requires_mfa = false

  sts_externalid = var.datadog_sts_id

  custom_role_policy_arns = [
    "arn:aws:iam::${data.aws_caller_identity.test.account_id}:policy/DatadogAWSIntegrationPolicy",
  ]

  providers = {
    aws = aws.test
  }
}
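
A check for the setup in the description above (`role_requires_mfa = false` with a cross-account principal), as an added example that is not part of the pull request or the module: it audits a rendered trust policy for cross-account `sts:AssumeRole` statements guarded by neither `sts:ExternalId` nor MFA. The function names, account IDs and external ID are constructed placeholders.

```python
import re

# Matches a bare account ID or an IAM ARN and captures the 12-digit account ID.
ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.*)?$")

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def guard(condition):
    """Return 'external-id', 'mfa' or None for a statement's Condition block."""
    for operator, keys in (condition or {}).items():
        for key, value in keys.items():
            values = [str(v).lower() for v in _as_list(value)]
            if operator == "StringEquals" and key.lower() == "sts:externalid" and values:
                return "external-id"
            if operator == "Bool" and key.lower() == "aws:multifactorauthpresent" and values == ["true"]:
                return "mfa"
    return None

def audit_trust_policy(policy, own_account_id):
    """List (statement index, principal) pairs that let another account assume
    the role with neither an sts:ExternalId nor an MFA condition."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        for arn in principals:
            match = ACCOUNT_RE.match(arn)
            foreign = arn == "*" or (match is not None and match.group(1) != own_account_id)
            if foreign and guard(stmt.get("Condition")) is None:
                findings.append((index, arn))
    return findings

def trust_policy(principal_arn, condition=None):
    """Build a constructed single-statement trust policy for the demo."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": principal_arn}}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed sample data: placeholder account IDs and external ID.
OWN, VENDOR = "111122223333", "arn:aws:iam::444455556666:root"
UNGUARDED = trust_policy(VENDOR)
WITH_EXTERNAL_ID = trust_policy(VENDOR, {"StringEquals": {"sts:ExternalId": "example-external-id"}})
WITH_MFA = trust_policy(VENDOR, {"Bool": {"aws:MultiFactorAuthPresent": "true"}})
```

The check only recognises the `StringEquals` and `Bool` operators shown here, so a policy using other condition operators needs manual review.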

@LAKostis LAKostis changed the title modules/iam-assumable-role: add sts:ExternalId feature: add sts:ExternalId Aug 14, 2020
@LAKostis LAKostis force-pushed the feature/add-sts-externalid-support branch from edb200d to 0d9507a Compare August 14, 2020 12:11
@antonbabenko antonbabenko merged commit 893f08a into terraform-aws-modules:master Aug 17, 2020
@antonbabenko antonbabenko changed the title feature: add sts:ExternalId feat: Added support for sts:ExternalId in modules/iam-assumable-role Aug 17, 2020
@antonbabenko
Member

Thanks for this addition, @LAKostis!

v2.15.0 has just been released.

hoylemd added a commit to pixlee/terraform-aws-iam that referenced this pull request Oct 14, 2020
* upstream/master: (26 commits)
  Updated CHANGELOG
  fix: Fixed ses_smtp_password_v4 output name
  Updated CHANGELOG
  fix: simplify count statements (terraform-aws-modules#93)
  Updated CHANGELOG
  fix: Allow running on custom AWS partition (incl. govcloud) (terraform-aws-modules#94)
  Updated CHANGELOG
  feat: modules/iam-assumable-role-with-oidc: Support multiple provider URLs (terraform-aws-modules#91)
  Updated CHANGELOG
  feat: Strip https:// from OIDC provider URL if present (terraform-aws-modules#50)
  Updated CHANGELOG
  fix: Allow modules/iam-assumable-role-with-oidc to work in govcloud (terraform-aws-modules#83)
  Updated CHANGELOG
  feat: Added support for sts:ExternalId in modules/iam-assumable-role (terraform-aws-modules#90)
  Updated CHANGELOG
  fix: Delete DEPRECATED ses_smtp_password in iam-user. (terraform-aws-modules#88)
  Updated CHANGELOG
  feat: Support for Terraform v0.13 and AWS provider v3 (terraform-aws-modules#87)
  docs: Updated example in README (terraform-aws-modules#52)
  Updated CHANGELOG
  ...
@github-actions

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 10, 2022