From 2918485bae1432f97137996a57b463902fa9c05b Mon Sep 17 00:00:00 2001
From: badra001
Date: Mon, 1 Mar 2021 12:38:01 -0500
Subject: [PATCH] add README

---
README.md | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 83 insertions(+)
create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..48d4c87
--- /dev/null
+++ b/README.md
@@ -0,0 +1,83 @@
+# About aws-iam-role
+
+# Usage
+
+```hcl
+module "myrole" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.gi"
+
+ role_name = "my-role"
+ saml_provider_arn = "aws:aws-us-gov:iam:1234567890:saml/X"
+ enable_ldap_creation = true
+ assume_policy_document = data.terraform_remote_state.common.outputs.saml_assume_json
+ ec2_assume_policy_document = "X"
+ attached_policies = ["arn1", "arn2"]
+ ldap_user = "cn=myuser,ou=Application,o=U.S. Census Bureau,c=US"
+ ldap_password = "password1234$$"
+
+ # optional
+ ec2_role_name = "my-role-other"
+ enable_instance_role = false
+ ec2_attached_policies = []
+ ldap_host = "ldap.e.tco.census.gov"
+ ldap_port = 389
+}
+```
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+| ldap | n/a |
+| ldap.ebocas | n/a |
+| null | n/a |
+| template | n/a |
+
+## Modules
+
+No Modules.
+
+## Resources
+
+| Name |
+|------|
+| [aws_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) |
+| [aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) |
+| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) |
+| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
+| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
+| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
+| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) |
+| [ldap_object](https://registry.terraform.io/providers/hashicorp/ldap/latest/docs/resources/object) |
+| [null_resource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) |
+| [template_file](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| account\_alias | AWS Account Alias | `string` | `""` | no |
+| account\_id | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| assume\_policy\_document | JSON policy document for role to assume (i.e., the SAML assume document) | `string` | `""` | no |
+| attached\_policies | List of IAM Policy ARNs to attach to this role | `list(string)` | `[]` | no |
+| ec2\_assume\_policy\_document | JSON policy document for EC2 instance role (default is sts:AssumeRole for ec2 service) | `string` | `""` | no |
+| ec2\_attached\_policies | List of IAM Policy ARNs to attach to this EC2 instance role | `list(string)` | `[]` | no |
+| ec2\_role\_name | EC2 instace Role/application name without prefix | `string` | `""` | no |
+| enable\_instance\_role | Flag to enable the creation of a partner EC2 instance role with specific policies and optionally a different name | `boolean` | `false` | no |
+| enable\_ldap\_creation | Flag to enable/disable LDAP object creation for role group (for SAML only). Also requires LDAP credentials. | `boolean` | `false` | no |
+| ldap\_host | LDAP Hostname (default is for eBOCAS) | `string` | `"ldap.e.tco.census.gov"` | no |
+| ldap\_password | LDAP password for ldap\_user for writing data into eDirectory or Active Directory | `string` | `""` | no |
+| ldap\_port | LDAP port (default is 389 but also using STARTTLS) | `number` | `389` | no |
+| ldap\_user | LDAP user for writing data into eDirectory or Active Directory | `string` | `""` | no |
+| override\_prefixes | Override built-in prefixes by component (role, policy). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| role\_name | Role/application name without prefix | `string` | n/a | yes |
+| saml\_provider\_arn | ARN of SAML Provider | `string` | `""` | no |
+| tags | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+
+## Outputs
+