diff --git a/tags/outputs.tf b/tags/outputs.tf
index bb02d70..cf9d044 100644
--- a/tags/outputs.tf
+++ b/tags/outputs.tf
@@ -13,3 +13,8 @@ output "tag_hierarchy" {
     "finops" = local.finops_tags
   }
 }
+
+output "finops_roles" {
+  description = "Map of finops_project_role values based on finops_project_name and finops.roles in YAML"
+  value = { for r in local.finops_roles : r => format("%v_%v", local._finops_tags.name, r) }
+}
diff --git a/tags/tags.finops.tf b/tags/tags.finops.tf
index 42f464d..8dd12ea 100644
--- a/tags/tags.finops.tf
+++ b/tags/tags.finops.tf
@@ -7,6 +7,7 @@ locals {
     project_role   = local._finops.role != null ? replace(replace(local._finops.role, "+", format("%v_", local._finops.name)), "/[^a-z0-9_]/", "") : null
   }
   finops_tags = { for k, v in local._finops_tags : k => v if v != null && k != "prefix" }
+  finops_roles = [for r in lookup(local.tags_in.finops,"roles",[]): lower(r) ]
 }
 
 resource "terraform_data" "finops" {
@@ -21,3 +22,14 @@ resource "terraform_data" "finops" {
   }
 }
 
+resource "terraform_data" "finops_roles" {
+  count = length(local.finops_roles) > 0 ? 1 : 0
+  input = local.finops_roles
+
+  lifecycle {
+    precondition {
+      condition     = any([for r in local.finops_roles: length(regexall("[^0-9a-z_]",r)) > 0 ])
+      error_message = "finops.roles fields can contain only 0-9, a-z, and underscore."
+    }
+  }
+}