moajo / terraform-backend-access-role

An IAM role for accessing the Terraform backend bucket created by https://github.com/moajo/terraform-backend-s3-bucket

This role has minimal access to S3 and KMS.

Example

module "terraform_backend" {
  source      = "github.com/moajo/terraform-backend-s3-bucket.git?ref=v3.0.0"
  bucket_name = "projecthogehoge-terraform-backend" # Must be a globally unique bucket name
}

module "terraform_backend_role" {
  source        = "github.com/moajo/terraform-backend-access-role.git?ref=v3.0.0"
  rolename      = "terraform-backend-accessor"
  s3_bucket_arn = module.terraform_backend.bucket.arn

  delegate_principals = [
    "arn:aws:iam::123456789000:user/example", # Allow single user
    # "123456789000", # Allow all users in the account
  ]
}

# module.terraform_backend_role.role_arn

Requirements

| Name | Version |
|------|---------|
| aws | ~> 5.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 5.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_role.main | resource |
| aws_kms_key.backend | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| delegate_principals | List of principals allowed to call sts:AssumeRole | list(string) | n/a | yes |
| kms_alias | Alias for the KMS key used to encrypt the S3 bucket. | string | "s3-terraform" | no |
| rolename | Name of the role. | string | n/a | yes |
| s3_bucket_arn | ARN of the S3 bucket that stores tfstate. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| role_arn | ARN of created role |
