Basic AWS IAM role and policy module that expects 2 JSON files (see directory: ./lambda-policy-example/):
- Assume role policy: defines the principal, the service actor that may assume the role. In the example that is Lambda.
- Access policy: defines the policies that determine which services the assumed role has access to.

You can copy the example files into the local module's policies directory. To set up variables, use the role_vars parameter to pass them along to the JSON policy file.
```hcl
module "iam" {
  source = "github.com/rpstreef/tf-iam?ref=v1.0"

  namespace         = var.namespace
  region            = var.region
  resource_tag_name = var.resource_tag_name

  assume_role_policy = file("${path.module}/policies/lambda-assume-role.json")
  template           = file("${path.module}/policies/lambda.json")
  role_name          = "${local.lambda_function_name}-role"
  policy_name        = "${local.lambda_function_name}-policy"

  role_vars = {
    cognito_user_pool_arn = var.cognito_user_pool_arn
  }
}
```
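A pre-apply check for the two policy files, as an added example that is not part of this module or its repository. It assumes the access template uses only simple `${name}` placeholders filled from role_vars; the two policy documents, the ARN used to render them and all function names are constructed for illustration.

```python
import json
from string import Template

# Constructed sample policies (assumption: not the repository's own files).
ASSUME_ROLE = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"Service": "lambda.amazonaws.com"},
  "Action": "sts:AssumeRole"}]}"""
ACCESS_TEMPLATE = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Action": ["cognito-idp:AdminGetUser"],
  "Resource": "${cognito_user_pool_arn}"}]}"""

def as_list(value):
    """IAM allows a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def render(template, role_vars):
    """Fill ${name} placeholders, then parse the result as JSON.
    Raises KeyError if the template names a variable role_vars lacks."""
    return json.loads(Template(template).substitute(role_vars))

def check_trust(policy, service="lambda.amazonaws.com"):
    """Report Allow statements whose principal is anything but `service`."""
    expected = ({"Service": service}, {"Service": [service]})
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow" and stmt.get("Principal") not in expected:
            findings.append(f"unexpected principal: {stmt.get('Principal')!r}")
    return findings

def check_access(policy):
    """Report Allow statements with wildcard actions or resources."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for key in ("Action", "Resource"):
            for item in as_list(stmt.get(key, [])):
                if item == "*" or (key == "Action" and item.endswith(":*")):
                    findings.append(f"wildcard {key}: {item}")
    return findings
```

A missing role_vars entry surfaces as a KeyError here, before a malformed policy document reaches terraform plan.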
- Initial release