| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| account_ids | Root users of these accounts (IDs) are given permission to assume the role created by this module. | `list(string)` | `[]` | no |
| conditions | (Optional) Additional conditions for checking the OIDC claim. | `list(object({ test = string, variable = string, values = list(string) }))` | `[]` | no |
| custom_principal_arns | List of IAM principal ARNs able to assume the role created by this module. | `list(string)` | `[]` | no |
| default_conditions | (Optional) Default conditions to apply; at least one of the following is mandatory: 'allow_main', 'allow_environment', 'deny_pull_request' and 'allow_all'. | `list(string)` | `[ "allow_main", "deny_pull_request" ]` | no |
| github_environments | (Optional) Allow GitHub Actions to deploy to all (default) or to one of the environments in the list. | `list(string)` | `[ "*" ]` | no |
| github_oidc_issuer | OIDC issuer for GitHub Actions. | `string` | `"token.actions.githubusercontent.com"` | no |
| openid_connect_provider_arn | Set the OpenID Connect provider ARN when the provider is not managed by the module. | `string` | n/a | yes |
| policy_statement | Map of dynamic policy statements to attach to the IAM role. | `any` | `{}` | no |
| repo | (Optional) GitHub repository to grant access to assume a role via OIDC. When the repo is set, a role will be created. | `string` | `null` | no |
| role_max_session_duration | Maximum session duration (in seconds) that you want to set for the specified role. | `number` | `null` | no |
| role_name | (Optional) Name of the created role; if not provided, the namespace will be used. | `string` | `null` | no |
| role_path | (Optional) Path for the created role; requires `repo` to be set. | `string` | `"/gh-actions/"` | no |
| role_permissions_boundary | (Optional) Boundary for the created role; requires `repo` to be set. | `string` | `null` | no |
| role_policy_arns | List of ARNs of IAM policies to attach to the IAM role. | `list(string)` | `[]` | no |
| tags | Tags applied to all resources. | `map(string)` | `{}` | no |