update

README.md

@@ -7,7 +7,7 @@
     Terraform AWS Iam Role
 </h1>
 
-<p align="center" style="font-size: 1.2rem;">
+<p align="center" style="font-size: 1.2rem;"> 
     Terraform module to create Iam role resource on AWS.
      </p>
 
@@ -38,7 +38,7 @@
 <hr>
 
 
-We eat, drink, sleep and most importantly love **DevOps**. We are working towards stratergies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy <b>Bigger problems are always solved by breaking them into smaller manageable problems</b>. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller <b>connected yet manageable pieces</b> within the infrastructure.
+We eat, drink, sleep and most importantly love **DevOps**. We are working towards stratergies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy <b>Bigger problems are always solved by breaking them into smaller manageable problems</b>. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller <b>connected yet manageable pieces</b> within the infrastructure. 
 
 This module is basically combination of [Terraform open source](https://www.terraform.io/) and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.
 
@@ -49,7 +49,7 @@ We have [*fifty plus terraform modules*][terraform_modules]. A few of them are c
 
 ## Prerequisites
 
-This module has a few dependencies:
+This module has a few dependencies: 
 
 - [Terraform 0.12](https://learn.hashicorp.com/terraform/getting-started/install.html)
 - [Go](https://golang.org/doc/install)
@@ -71,76 +71,54 @@ This module has a few dependencies:
 ### Simple example
 Here is an example of how you can use this module in your inventory structure:
 ```hcl
-  module "iam-role" {
-    source             = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.0"
-    name               = "iam-role"
-    application        = "clouddrove"
-    environment        = "test"
-    label_order        = ["environment", "name", "application"]
-    assume_role_policy = data.aws_iam_policy_document.default.json
-    policy_enabled     = true
-    policy             = data.aws_iam_policy_document.iam-policy.json
-  }
-
-  data "aws_iam_policy_document" "default" {
-    statement {
+      module "iam-role" {
+      source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.0"
+
+      name               = "iam-role"
+      application        = "clouddrove"
+      environment        = "test"
+      label_order        = ["environment", "name", "application"]
+      assume_role_policy = data.aws_iam_policy_document.default.json
+
+      policy_enabled = true
+      policy         = data.aws_iam_policy_document.iam-policy.json
+    }
+
+      data "aws_iam_policy_document" "default" {
+      statement {
+      effect  = "Allow"
       actions = ["sts:AssumeRole"]
       principals {
-        type        = "Service"
-        identifiers = ["ec2.amazonaws.com"]
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+      }
       }
     }
-  }
-
-  data "aws_iam_policy_document" "iam-policy" {
-    statement {
-        actions = [
-          "ec2:Describe*"
-        ]
-        effect = "Allow"
-        resources = ["*"]
+
+      data "aws_iam_policy_document" "iam-policy" {
+      statement {
+      actions = [
+      "ssm:UpdateInstanceInformation",
+      "ssmmessages:CreateControlChannel",
+      "ssmmessages:CreateDataChannel",
+      "ssmmessages:OpenControlChannel",
+      "ssmmessages:OpenDataChannel"    ]
+      effect    = "Allow"
+      resources = ["*"]
       }
-  }
+    }
 ```
 
 
 
 
 
 
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| application | Application (e.g. `cd` or `clouddrove`). | string | `` | no |
-| assume_role_policy | Whether to create Iam role. | string | - | yes |
-| attributes | Additional attributes (e.g. `1`). | list | `<list>` | no |
-| delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | string | `-` | no |
-| description | The description of the role. | string | `` | no |
-| enabled | Whether to create Iam role. | bool | `true` | no |
-| environment | Environment (e.g. `prod`, `dev`, `staging`). | string | `` | no |
-| force_detach_policies | The policy that grants an entity permission to assume the role. | bool | `false` | no |
-| label_order | Label order, e.g. `name`,`application`. | list | `<list>` | no |
-| max_session_duration | The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | number | `3600` | no |
-| name | Name  (e.g. `app` or `cluster`). | string | `` | no |
-| path | The path to the role. | string | `/` | no |
-| permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the role. | string | `` | no |
-| policy | The policy document. | string | `` | no |
-| policy_enabled | Whether to Attach Iam policy with role. | bool | `false` | no |
-| tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | map | `<map>` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| arn | The Amazon Resource Name (ARN) specifying the role. |
-| tags | A mapping of tags to assign to the resource. |
-
 
 
 
 ## Testing
-In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system.
+In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. 
 
 You need to run the following command in the testing folder:
 ```hcl
@@ -149,7 +127,7 @@ You need to run the following command in the testing folder:
 
 
 
-## Feedback
+## Feedback 
 If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-iam-role/issues), or feel free to drop us an email at [[email protected]](mailto:[email protected]).
 
 If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/terraform-aws-iam-role)!

README.yaml

@@ -36,34 +36,40 @@ usage : |-
   ### Simple example
   Here is an example of how you can use this module in your inventory structure:
   ```hcl
-    module "iam-role" {
-      source             = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.0"
-      name               = "iam-role"
-      application        = "clouddrove"
-      environment        = "test"
-      label_order        = ["environment", "name", "application"]
-      assume_role_policy = data.aws_iam_policy_document.default.json
-      policy_enabled     = true
-      policy             = data.aws_iam_policy_document.iam-policy.json
-    }
+        module "iam-role" {
+        source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.0"
 
-    data "aws_iam_policy_document" "default" {
-      statement {
+        name               = "iam-role"
+        application        = "clouddrove"
+        environment        = "test"
+        label_order        = ["environment", "name", "application"]
+        assume_role_policy = data.aws_iam_policy_document.default.json
+
+        policy_enabled = true
+        policy         = data.aws_iam_policy_document.iam-policy.json
+      }
+
+        data "aws_iam_policy_document" "default" {
+        statement {
+        effect  = "Allow"
         actions = ["sts:AssumeRole"]
         principals {
-          type        = "Service"
-          identifiers = ["ec2.amazonaws.com"]
+        type        = "Service"
+        identifiers = ["ec2.amazonaws.com"]
+        }
         }
       }
-    }
 
-    data "aws_iam_policy_document" "iam-policy" {
-      statement {
-          actions = [
-            "ec2:Describe*"
-          ]
-          effect = "Allow"
-          resources = ["*"]
+        data "aws_iam_policy_document" "iam-policy" {
+        statement {
+        actions = [
+        "ssm:UpdateInstanceInformation",
+        "ssmmessages:CreateControlChannel",
+        "ssmmessages:CreateDataChannel",
+        "ssmmessages:OpenControlChannel",
+        "ssmmessages:OpenDataChannel"    ]
+        effect    = "Allow"
+        resources = ["*"]
         }
-    }
+      }
   ```

_example/example.tf

@@ -3,7 +3,7 @@ provider "aws" {
 }
 
 module "iam-role" {
-  source = "./../"
+  source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.0"
 
   name               = "iam-role"
   application        = "clouddrove"
@@ -17,8 +17,8 @@ module "iam-role" {
 
 data "aws_iam_policy_document" "default" {
   statement {
+    effect  = "Allow"
     actions = ["sts:AssumeRole"]
-
     principals {
       type        = "Service"
       identifiers = ["ec2.amazonaws.com"]
@@ -29,8 +29,11 @@ data "aws_iam_policy_document" "default" {
 data "aws_iam_policy_document" "iam-policy" {
   statement {
     actions = [
-      "ec2:Describe*"
-    ]
+      "ssm:UpdateInstanceInformation",
+      "ssmmessages:CreateControlChannel",
+      "ssmmessages:CreateDataChannel",
+      "ssmmessages:OpenControlChannel",
+      "ssmmessages:OpenDataChannel"    ]
     effect    = "Allow"
     resources = ["*"]
   }

main.tf

@@ -34,6 +34,5 @@ resource "aws_iam_role_policy" "default" {
   count = var.enabled && var.policy_enabled ? 1 : 0
   name  = format("%s-policy", module.labels.id)
   role  = aws_iam_role.default.*.id[0]
-
   policy = var.policy
 }

outputs.tf

@@ -8,4 +8,9 @@ output "arn" {
 output "tags" {
   value       = module.labels.tags
   description = "A mapping of tags to assign to the resource."
-}
+}
+
+output "name" {
+  value       = join("", aws_iam_role.default.*.name)
+  description = "Name of specifying the role."
+}