iam-assumable-role-with-oidc

Creates a single IAM role which can be assumed by trusted resources using OpenID Connect federated users.

Creating IAM OIDC Identity Providers

This module supports IAM Roles for Kubernetes service accounts (IRSA) as described in the EKS documentation.
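The following is an added usage example written for this README; it is not code shipped with the module. It wires the inputs documented below into a role that only one Kubernetes service account can assume, and contrasts it with the broader wildcard form. The registry `source` path, the cluster OIDC issuer URL, the account ID, the bucket name and the permissions-boundary ARN are placeholders you replace with your own values.

```hcl
# Added example, not part of the module's own code. All ARNs, URLs and names
# below are constructed placeholders.

locals {
  # Issuer URL of the EKS cluster's OIDC provider. In a real configuration this
  # comes from aws_eks_cluster.<name>.identity[0].oidc[0].issuer.
  cluster_oidc_issuer_url = "https://oidc.eks.REGION.amazonaws.com/id/EXAMPLE0123456789" # placeholder
}

# Least-privilege policy attached to the role (constructed example).
resource "aws_iam_policy" "app_s3_reader" {
  name = "app-s3-reader"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:ListBucket"]
      Resource = [
        "arn:aws:s3:::example-app-bucket",
        "arn:aws:s3:::example-app-bucket/*",
      ]
    }]
  })
}

# Strict form: trust exactly one service account.
module "irsa_role_strict" {
  # Assumed registry path for this module; adjust if you vendor it locally.
  source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"

  create_role      = true            # defaults to false, so nothing is created unless set
  role_name        = "app-s3-reader" # constructed name
  role_description = "Read-only S3 access for the payments/app service account"

  provider_url = local.cluster_oidc_issuer_url

  # A fully qualified "system:serviceaccount:<namespace>:<name>" subject yields
  # an exact-match condition, so no other workload in the cluster can assume
  # the role.
  oidc_fully_qualified_subjects = ["system:serviceaccount:payments:app"]

  # The README requires this only for cross-account roles; pinning it in-account
  # is also valid, because IRSA tokens are issued with this audience.
  oidc_fully_qualified_audiences = ["sts.amazonaws.com"]

  role_policy_arns = [aws_iam_policy.app_s3_reader.arn]
  # The policy above is created in the same apply, so its ARN is unknown at
  # plan time; give the module an explicit count instead.
  number_of_role_policy_arns = 1

  max_session_duration  = 3600 # shortest allowed value; widen only when needed
  force_detach_policies = true # lets "terraform destroy" remove the role cleanly

  # Keep the role inside an account-wide boundary (placeholder ARN).
  role_permissions_boundary_arn = "arn:aws:iam::111122223333:policy/workload-boundary"

  tags = { Environment = "prod" }
}

# Broad form: trust any service account in the "payments" namespace. The
# wildcard produces a pattern-match condition, so whoever can create a service
# account in that namespace can obtain these credentials. Prefer the strict
# form above unless the namespace itself is the trust boundary you intend.
module "irsa_role_namespace" {
  source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" # assumed path

  create_role = true
  role_name   = "payments-namespace-reader" # constructed name

  provider_url                 = local.cluster_oidc_issuer_url
  oidc_subjects_with_wildcards = ["system:serviceaccount:payments:*"]

  role_policy_arns           = [aws_iam_policy.app_s3_reader.arn]
  number_of_role_policy_arns = 1
}

output "app_role_arn" {
  # Annotate the service account with eks.amazonaws.com/role-arn set to this value.
  value = module.irsa_role_strict.iam_role_arn
}
```

After `terraform apply`, confirm the generated trust policy with `aws iam get-role --role-name app-s3-reader` and check that the condition on the `:sub` claim names exactly the service account you intended; a `StringLike` entry there means a wildcard input was used.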

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.custom | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.assume_role_with_oidc | data source |
| aws_partition.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allow_self_assume_role | Determines whether to allow the role to assume itself | `bool` | `false` | no |
| aws_account_id | The AWS account ID where the OIDC provider lives; leave empty to use the account of the AWS provider | `string` | `""` | no |
| create_role | Whether to create a role | `bool` | `false` | no |
| force_detach_policies | Whether policies should be detached from this role when destroying | `bool` | `false` | no |
| max_session_duration | Maximum CLI/API session duration in seconds, between 3600 and 43200 | `number` | `3600` | no |
| number_of_role_policy_arns | Number of IAM policies to attach to the IAM role | `number` | `null` | no |
| oidc_fully_qualified_audiences | The audience to be added to the role policy. Set to `sts.amazonaws.com` for a cross-account assumable role; leave empty otherwise. | `set(string)` | `[]` | no |
| oidc_fully_qualified_subjects | The fully qualified OIDC subjects to be added to the role policy | `set(string)` | `[]` | no |
| oidc_subjects_with_wildcards | The OIDC subjects using wildcards to be added to the role policy | `set(string)` | `[]` | no |
| provider_url | URL of the OIDC provider. Use `provider_urls` to specify several URLs. | `string` | `""` | no |
| provider_urls | List of URLs of the OIDC providers | `list(string)` | `[]` | no |
| role_description | IAM role description | `string` | `""` | no |
| role_name | IAM role name | `string` | `null` | no |
| role_name_prefix | IAM role name prefix | `string` | `null` | no |
| role_path | Path of the IAM role | `string` | `"/"` | no |
| role_permissions_boundary_arn | Permissions boundary ARN to use for the IAM role | `string` | `""` | no |
| role_policy_arns | List of ARNs of IAM policies to attach to the IAM role | `list(string)` | `[]` | no |
| tags | A map of tags to add to IAM role resources | `map(string)` | `{}` | no |

Outputs

| Name | Description |
|------|-------------|
| iam_role_arn | ARN of the IAM role |
| iam_role_name | Name of the IAM role |
| iam_role_path | Path of the IAM role |
| iam_role_unique_id | Unique ID of the IAM role |