feat: Add support for inline policy creation #479
@bryantbiggs Any chance of a review on this one? 😎
This commit adds support for creating an inline policy for an IAM role to the `iam-assumable-role-with-oidc` and `iam-assumable-role` modules. Also updated examples for these modules, and corresponding wrappers.
@bryantbiggs / @antonbabenko Any chance of a review on this one? 👍
This PR has been automatically marked as stale because it has been open 30 days
bump
why are we creating examples that look like users should be using https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/modules/iam-role-for-service-accounts-eks ?
So for my use case, I needed to be able to add an inline policy to a role that's assumed by a 3rd party service, not by EKS...
that doesn't really explain why the examples added are IRSA related?
Ah, ok... that was probably a poor copy'n'paste on my part... Will re-work to show a CircleCI related example...
thank you - it doesn't have to fully function, you can make up OIDC provider details just to demonstrate the point (i.e. - we don't test whether the authentication flow between the role and the OIDC provider works correctly) and the implementation is currently quite lacking - here is a reference that is closer to what we could support terraform-aws-modules/terraform-aws-eks#3087
Nice... I'll replicate here 👍
This commit updates the `iam-assumable-role-with-oidc` examples to reference the required config for CircleCI [1]

[1] https://circleci.com/docs/openid-connect-tokens/#aws
Right, I've pushed a couple of updates based on the changes from terraform-aws-modules/terraform-aws-eks#3087 and also tweaked the oidc examples to reference CircleCI. @bryantbiggs Let me know what you think 👍
## [5.40.0](v5.39.1...v5.40.0) (2024-07-05)

### Features

* Add support for inline policy creation ([#479](#479)) ([e13cb1e](e13cb1e))

This PR is included in version 5.40.0 🎉
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
This commit adds support for creating an inline policy for an IAM role to the `iam-assumable-role-with-oidc` and `iam-assumable-role` modules. Also updated examples for these modules.
Motivation and Context
Allows creation of an IAM role with an inline policy.
`inline-policy` in iam-assumable-role #419
Breaking Changes
None
How Has This Been Tested?
- `examples/*` to demonstrate and validate my change(s)
- `examples/*` projects
- `pre-commit run -a` on my pull request