update docs

terraform-modules · Jul 29, 2025 · 1fc08fb · 1fc08fb
1 parent 1a332f5
commit 1fc08fb
Show file tree

Hide file tree

Showing 4 changed files with 102 additions and 0 deletions.
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
@@ -0,0 +1,45 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: ""
+
+sections:
+##  hide: []
+  show: 
+    - data-sources
+    - header
+    - footer
+    - inputs
+    - modules
+    - outputs
+    - providers
+    - requirements
+    - resources
+
+output:
+  file: README.md
+  mode: replace
+#   mode: inject
+#   template: |-
+#     <!-- BEGIN_TF_DOCS -->
+#     {{ .Content }}
+#     <!-- END_TF_DOCS -->
+
+## output-values:
+##   enabled: false
+##   from: ""
+## 
+## sort:
+##   enabled: true
+##   by: name
+## 
+## settings:
+##   anchor: true
+##   color: true
+##   default: true
+##   description: false
+##   escape: true
+##   indent: 2
+##   required: true
+##   sensitive: true
+##   type: true
diff --git a/rolesanywhere/.terraform-docs.yml b/rolesanywhere/.terraform-docs.yml
@@ -0,0 +1 @@
+../.terraform-docs.yml
diff --git a/rolesanywhere/README.md b/rolesanywhere/README.md
@@ -1,3 +1,4 @@
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -63,3 +64,4 @@
 |------|-------------|
 | <a name="output_role_arn"></a> [role\_arn](#output\_role\_arn) | Created role ARN |
 | <a name="output_role_name"></a> [role\_name](#output\_role\_name) | Created role name |
+<!-- END_TF_DOCS -->
diff --git a/rolesanywhere/main.tf b/rolesanywhere/main.tf
@@ -14,3 +14,57 @@ locals {
   role_name        = format("%v%v", lookup(local._prefixes, "role", ""), var.role_name)
   role_description = var.role_description == "" ? format("%vRole for %v", local.saml_string, var.role_name) : var.role_description
 }
+
+
+/*
+* # About aws-iam-role/rolesanywhere
+*
+* This module will create an IAM RolesAnywhere role, profile, and certificate from ACM-PCA.
+*
+* ## Policies
+*
+* When using `attached_policies`, it is important those policy ARNs exist before attempting to use the module
+* with `plan` or `apply`.  The module is called with an unknown value and it fails if not.  You'll need to target your
+* first apply with that of the policy like:
+*
+* ```shell
+* tf-apply -target=aws_iam_policy.mypolicy
+* ```
+*
+* # Usage
+*
+* Creating a role.
+* ```hcl
+* module "myrole2" {
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+*   role_name            = "my-role2"
+*   attached_policies    = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]
+*   contact_group_email  = "group-email-address@census.gov"
+* }
+* ```
+*
+* Creating a with inline policies and a different OU for the certificate
+* ```hcl
+* data "aws_iam_document_policy" "my-policy-1" {
+*   statement {
+*     sid = "NameOfPermissiosn"
+*     # rest of stuff
+*   }
+* }
+* 
+* module "myrole3" {
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+* 
+*   role_name              = "my-role3"
+*   attached_policies      = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]
+*   contact_group_email    = "group-email-address@census.gov"
+*   certificate_conditions = { "x509Subject/OU" = "MyRolesAnywhere" }
+*   inline_policies        = [
+*     {
+*       name = "my-policy-1"
+*       policy = data.aws_iam_policy_document.my-policy-1.json
+*     }
+*   ]
+* }
+* ```
+*/