A role for accessing the Terraform backend created by https://github.com/moajo/terraform-backend-s3-bucket.
This role has minimal access to S3 and KMS.

```hcl
module "terraform_backend" {
  source      = "github.com/moajo/terraform-backend-s3-bucket.git?ref=v3.0.0"
  bucket_name = "projecthogehoge-terraform-backend" # Must be a globally unique bucket name
}

module "terraform_backend_role" {
  source        = "github.com/moajo/terraform-backend-access-role.git?ref=v3.0.0"
  rolename      = "terraform-backend-accessor"
  s3_bucket_arn = module.terraform_backend.bucket.arn
  delegate_principals = [
    "arn:aws:iam::123456789000:user/example", # Allow a single user
    # "123456789000", # Allow all users in the account
  ]
}

# module.terraform_backend_role.role_arn
```

No modules.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| delegate_principals | List of principals to allow for sts:AssumeRole | `list(string)` | n/a | yes |
| kms_alias | Alias for the KMS key used to encrypt the S3 bucket. | `string` | `"s3-terraform"` | no |
| rolename | Name of the role. | `string` | n/a | yes |
| s3_bucket_arn | ARN of the S3 bucket that stores the tfstate. | `string` | n/a | yes |

| Name | Description |
|------|-------------|
| role_arn | ARN of created role |
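
An added example, not part of this module's own documentation: how a project whose state lives in the bucket could consume the `role_arn` output, assuming Terraform 1.6 or later (the `assume_role` argument of the S3 backend). The account ID, region, and state key are placeholders, and the caller must be one of the principals listed in `delegate_principals`.

```hcl
terraform {
  backend "s3" {
    # Bucket created by the terraform_backend module above.
    bucket = "projecthogehoge-terraform-backend"

    # Placeholder values (assumptions): choose the state key and region for your project.
    key    = "example/terraform.tfstate"
    region = "<REGION>"

    # Backend blocks cannot reference module outputs, so paste the literal value of
    # module.terraform_backend_role.role_arn here. <ACCOUNT_ID> is a placeholder for
    # the account that owns the role.
    assume_role = {
      role_arn = "arn:aws:iam::<ACCOUNT_ID>:role/terraform-backend-accessor"
    }
  }
}
```

With this in place, the credentials used to run Terraform only need permission to call `sts:AssumeRole` on the role; access to the state bucket and its KMS key comes from the role itself.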