steamhaus / tf_mod_aws_iam_steamhaus_role

Commit c105750b, authored Dec 14, 2016 by A-Gordon
Terraform role to deploy the Steamhaus role to allow Steamhaus to assume the role
Showing 2 changed files with 65 additions and 0 deletions:

assume_role.json (+21 -0)
main.tf (+44 -0)
assume_role.json
0 → 100644
{
"Version"
:
"2012-10-17"
,
"Statement"
:
[
{
"Effect"
:
"Allow"
,
"Principal"
:
{
"AWS"
:
"arn:aws:iam::${source_account_id}:root"
},
"Action"
:
"sts:AssumeRole"
,
"Condition"
:
{
"StringEquals"
:
{
"sts:ExternalId"
:
"${external_id}"
},
"Bool"
:
{
"aws:MultiFactorAuthPresent"
:
"true"
}
}
}
]
}
\ No newline at end of file
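Review bot: The `Principal` in the single statement is `arn:aws:iam::${source_account_id}:root`, which trusts the whole source account rather than a named role or user, so who can actually assume this role is decided entirely by IAM policy inside that account. If the source account has a dedicated role or user for this access, name its ARN here instead; the `sts:ExternalId` and `aws:MultiFactorAuthPresent` conditions are worth keeping either way. The file also ends without a trailing newline.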
main.tf
0 → 100644
#############################################################################################################
# Variables
#############################################################################################################
variable
"source_account_id"
{
description
=
"ID of the source AWS account to be allowed accesss"
default
=
"153730384924"
}
variable
"external_id"
{
description
=
"The External ID of the destination account, this is provided by Steamhaus"
}
#############################################################################################################
# IAM Role, Policy and Attachment
#############################################################################################################
data
"template_file"
"assume_role"
{
template
=
"
${
file
(
"
${
path
.
module}
/assume_role.json"
)
}
"
vars
{
source_account_id
=
"
${
var
.
source_account_id
}
"
external_id
=
"
${
var
.
external_id
}
"
}
}
resource
"aws_iam_role"
"steamhaus"
{
name
=
"Steamhaus"
assume_role_policy
=
"
${data
.
template_file
.
assume_role
.
rendered
}
"
lifecycle
{
create_before_destroy
=
true
}
}
resource
"aws_iam_role_policy_attachment"
"test-attach"
{
role
=
"
${
aws_iam_role
.
steamhaus
.
name
}
"
policy_arn
=
"arn:aws:iam::aws:policy/AdministratorAccess"
}
#############################################################################################################
# Outputs
#############################################################################################################
output
"role_name"
{
value
=
"
${
aws_iam_role
.
steamhaus
.
name
}
"
}
output
"role_arn"
{
value
=
"
${
aws_iam_role
.
steamhaus
.
arn
}
"
}
\ No newline at end of file
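Review bot: The `aws_iam_role_policy_attachment` resource attaches `arn:aws:iam::aws:policy/AdministratorAccess` to a role that another account assumes, which gives that account full control of this one; take the policy ARN as a variable so each deployment can choose a narrower policy, and rename the resource from `test-attach` to something that reflects its purpose. The `source_account_id` variable defaults to `153730384924`, so a caller who omits it trusts that account without stating so; dropping the default, as `external_id` already does, would make the trust decision explicit. The `source_account_id` description has a typo (`accesss`), and the file ends without a trailing newline.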