-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Sohan Yadav
committed
Nov 1, 2019
1 parent
3466150
commit 89842ca
Showing
5 changed files
with
78 additions
and
87 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,7 +7,7 @@ | |
Terraform AWS Iam Role | ||
</h1> | ||
|
||
<p align="center" style="font-size: 1.2rem;"> | ||
<p align="center" style="font-size: 1.2rem;"> | ||
Terraform module to create Iam role resource on AWS. | ||
</p> | ||
|
||
|
@@ -38,7 +38,7 @@ | |
<hr> | ||
|
||
|
||
We eat, drink, sleep and most importantly love **DevOps**. We are working towards stratergies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy <b>Bigger problems are always solved by breaking them into smaller manageable problems</b>. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller <b>connected yet manageable pieces</b> within the infrastructure. | ||
We eat, drink, sleep and most importantly love **DevOps**. We are working towards stratergies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy <b>Bigger problems are always solved by breaking them into smaller manageable problems</b>. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller <b>connected yet manageable pieces</b> within the infrastructure. | ||
|
||
This module is basically combination of [Terraform open source](https://www.terraform.io/) and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself. | ||
|
||
|
@@ -49,7 +49,7 @@ We have [*fifty plus terraform modules*][terraform_modules]. A few of them are c | |
|
||
## Prerequisites | ||
|
||
This module has a few dependencies: | ||
This module has a few dependencies: | ||
|
||
- [Terraform 0.12](https://learn.hashicorp.com/terraform/getting-started/install.html) | ||
- [Go](https://golang.org/doc/install) | ||
|
@@ -71,76 +71,54 @@ This module has a few dependencies: | |
### Simple example | ||
Here is an example of how you can use this module in your inventory structure: | ||
```hcl | ||
module "iam-role" { | ||
source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.0" | ||
name = "iam-role" | ||
application = "clouddrove" | ||
environment = "test" | ||
label_order = ["environment", "name", "application"] | ||
assume_role_policy = data.aws_iam_policy_document.default.json | ||
policy_enabled = true | ||
policy = data.aws_iam_policy_document.iam-policy.json | ||
} | ||
data "aws_iam_policy_document" "default" { | ||
statement { | ||
module "iam-role" { | ||
source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.0" | ||
name = "iam-role" | ||
application = "clouddrove" | ||
environment = "test" | ||
label_order = ["environment", "name", "application"] | ||
assume_role_policy = data.aws_iam_policy_document.default.json | ||
policy_enabled = true | ||
policy = data.aws_iam_policy_document.iam-policy.json | ||
} | ||
data "aws_iam_policy_document" "default" { | ||
statement { | ||
effect = "Allow" | ||
actions = ["sts:AssumeRole"] | ||
principals { | ||
type = "Service" | ||
identifiers = ["ec2.amazonaws.com"] | ||
type = "Service" | ||
identifiers = ["ec2.amazonaws.com"] | ||
} | ||
} | ||
} | ||
} | ||
data "aws_iam_policy_document" "iam-policy" { | ||
statement { | ||
actions = [ | ||
"ec2:Describe*" | ||
] | ||
effect = "Allow" | ||
resources = ["*"] | ||
data "aws_iam_policy_document" "iam-policy" { | ||
statement { | ||
actions = [ | ||
"ssm:UpdateInstanceInformation", | ||
"ssmmessages:CreateControlChannel", | ||
"ssmmessages:CreateDataChannel", | ||
"ssmmessages:OpenControlChannel", | ||
"ssmmessages:OpenDataChannel" ] | ||
effect = "Allow" | ||
resources = ["*"] | ||
} | ||
} | ||
} | ||
``` | ||
|
||
|
||
|
||
|
||
|
||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|:----:|:-----:|:-----:| | ||
| application | Application (e.g. `cd` or `clouddrove`). | string | `` | no | | ||
| assume_role_policy | Whether to create Iam role. | string | - | yes | | ||
| attributes | Additional attributes (e.g. `1`). | list | `<list>` | no | | ||
| delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | string | `-` | no | | ||
| description | The description of the role. | string | `` | no | | ||
| enabled | Whether to create Iam role. | bool | `true` | no | | ||
| environment | Environment (e.g. `prod`, `dev`, `staging`). | string | `` | no | | ||
| force_detach_policies | The policy that grants an entity permission to assume the role. | bool | `false` | no | | ||
| label_order | Label order, e.g. `name`,`application`. | list | `<list>` | no | | ||
| max_session_duration | The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | number | `3600` | no | | ||
| name | Name (e.g. `app` or `cluster`). | string | `` | no | | ||
| path | The path to the role. | string | `/` | no | | ||
| permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the role. | string | `` | no | | ||
| policy | The policy document. | string | `` | no | | ||
| policy_enabled | Whether to Attach Iam policy with role. | bool | `false` | no | | ||
| tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | map | `<map>` | no | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| arn | The Amazon Resource Name (ARN) specifying the role. | | ||
| tags | A mapping of tags to assign to the resource. | | ||
|
||
|
||
|
||
|
||
## Testing | ||
In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. | ||
In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. | ||
|
||
You need to run the following command in the testing folder: | ||
```hcl | ||
|
@@ -149,7 +127,7 @@ You need to run the following command in the testing folder: | |
|
||
|
||
|
||
## Feedback | ||
## Feedback | ||
If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-iam-role/issues), or feel free to drop us an email at [[email protected]](mailto:[email protected]). | ||
|
||
If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/terraform-aws-iam-role)! | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters