From 86f990c97e3e687c5e97e0aec0107a9c005f4d51 Mon Sep 17 00:00:00 2001 From: badra001 Date: Thu, 17 Jun 2021 11:39:16 -0400 Subject: [PATCH] v1.1.0: add inline_policies --- CHANGELOG.md | 3 +++ README.md | 16 +++++++++++++++- main.tf | 23 +++++++++++++++++++++++ variables.tf | 6 ++++++ version.tf | 2 +- 5 files changed, 48 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65bdbc9..9eff466 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,3 +13,6 @@ * v1.0.3 -- 20210402 - add export of ldap_dn + +* v1.1.0 -- 20210617 + - add inline_policies diff --git a/README.md b/README.md index 32aac9c..d643bdb 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,20 @@ module "myrole2" { role_name = "my-role2" attached_policies = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ] } -``` +Creating a non-SAML role with inline policies +```hcl +module "myrole3" { + source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git" + + role\_name = "my-role3" + attached\_policies = [ data.aws\_iam\_policy.aws-managed-readonlyaccess.arn ] + inline\_policies = [ + { + name = "my-policy-1" + policy = data.aws\_iam\_policy\_documennt.my-policy-1.json + } + ] +} ## Requirements @@ -113,6 +126,7 @@ No modules. | [attached\_policies](#input\_attached\_policies) | List of IAM Policy ARNs to attach to this role | `list(string)` | `[]` | no | | [component\_tags](#input\_component\_tags) | Additional tags for Components (role, policy) | `map(map(string))` |
{
"policy": {},
"role": {}
}
| no | | [enable\_ldap\_creation](#input\_enable\_ldap\_creation) | Flag to enable/disable LDAP object creation for role group (for SAML only). Also requires LDAP credentials. | `bool` | `false` | no | +| [inline\_policies](#input\_inline\_policies) | List of IAM Policy Document objects to include in this role. Format is {name=name,policy=policy-json} | `list(object({ name = string, policy = string }))` | `[]` | no | | [ldap\_host](#input\_ldap\_host) | LDAP Hostname (default is for eBOCAS) | `string` | `"ldap.e.tco.census.gov"` | no | | [ldap\_password](#input\_ldap\_password) | LDAP password for ldap\_user for writing data into eDirectory or Active Directory | `string` | `""` | no | | [ldap\_port](#input\_ldap\_port) | LDAP port (default is 389 but also using STARTTLS) | `number` | `389` | no | diff --git a/main.tf b/main.tf index 93d461a..d3ca7dc 100644 --- a/main.tf +++ b/main.tf @@ -69,6 +69,20 @@ * role_name = "my-role2" * attached_policies = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ] * } +* Creating a non-SAML role with inline policies +* ```hcl +* module "myrole3" { +* source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git" +* +* role_name = "my-role3" +* attached_policies = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ] +* inline_policies = [ +* { +* name = "my-policy-1" +* policy = data.aws_iam_policy_documennt.my-policy-1.json +* } +* ] +* } * ``` */ @@ -112,6 +126,15 @@ resource "aws_iam_role" "role" { # assume_role_policy = data.terraform_remote_state.common.outputs.inf_saml_assume_policy_document assume_role_policy = var.assume_policy_document + dynamic "inline_policy" { + for_each = var.inline_policies + iterator = p + content { + name = p.name + policy = p.policy + } + } + tags = merge( var.tags, local.base_tags, diff --git a/variables.tf b/variables.tf index cf8c8bd..5cca66a 100644 --- a/variables.tf +++ b/variables.tf 
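Review bot: The usage example added to the header comment references `data.aws_iam_policy_documennt.my-policy-1.json`, a typo for the `aws_iam_policy_document` data source that anyone copying the example will hit as an unknown data source; change it to `policy = data.aws_iam_policy_document.my-policy-1.json`. The same example, with the same typo, is duplicated into README.md in this commit, so both copies should be corrected together. The README copy additionally removes the closing fence of the `myrole2` example and never closes the `myrole3` one, so the "## Requirements" section and the inputs table below it will render inside the code block.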
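Review bot: The new `dynamic "inline_policy"` block reads `p.name` and `p.policy`, but a dynamic-block iterator exposes only `key` and `value`, so these must be `name = p.value.name` and `policy = p.value.policy`; as written, `terraform plan` fails with an unsupported-attribute error the first time a caller passes a non-empty `inline_policies` (the empty default hides the bug). It is also worth warning callers that the AWS provider documents `inline_policy` as an exclusive set: once any block is present, inline policies added out of band or via a separate `aws_iam_role_policy` resource for this role will be removed or re-applied on every run, so a comment such as `# inline_policy makes Terraform authoritative for this role's inline policies; do not also manage them with aws_iam_role_policy` above the block would save some surprises. From a least-privilege review standpoint, inline policies have no ARN to audit or reuse, so consumers should prefer `attached_policies` where a managed policy exists — the description could say so. The enclosing `resource "aws_iam_role" "role"` block starts before and ends after this hunk.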
@@ -33,6 +33,12 @@ variable "attached_policies" { default = [] } +variable "inline_policies" { + description = "List of IAM Policy Document objects to include in this role. Format is {name=name,policy=policy-json}" + type = list(object({ name = string, policy = string })) + default = [] +} + #--- # ldap #--- diff --git a/version.tf b/version.tf index 1dfb710..9c489cd 100644 --- a/version.tf +++ b/version.tf @@ -1,3 +1,3 @@ locals { - _module_version = "1.0.3" + _module_version = "1.1.0" }
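Review bot: The new `inline_policies` variable accepts duplicate names and arbitrary strings for `policy`, and neither is caught until IAM rejects the request at apply time (a duplicate name would presumably be sent as two PutRolePolicy calls for the same name, leaving state out of step with the role); a `validation` block on the variable can reject both at plan time. Validation blocks need Terraform 0.13+ and `can()` needs 0.12.20+; version.tf in this diff shows only the module's own `_module_version` local, so confirm the module's `required_version` before adding it. The condition below uses only `length`/`distinct`/`can` so it does not depend on the 0.14 `alltrue` function.
```hcl
variable "inline_policies" {
  # … unchanged: description, type, default …

  # Reject duplicate names (IAM inline policy names are unique per role) and
  # policies that are not parseable JSON before anything reaches the AWS API.
  validation {
    condition = (
      length(distinct([for p in var.inline_policies : p.name])) == length(var.inline_policies)
      && length([for p in var.inline_policies : p if can(jsondecode(p.policy))]) == length(var.inline_policies)
    )
    error_message = "inline_policies: each name must be unique and each policy must be valid JSON."
  }
}
```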