File tree Expand file tree Collapse file tree 21 files changed +171
-13
lines changed
iam-assumable-role-with-oidc
iam-assumable-role-with-saml
iam-assumable-roles-with-saml
iam-assumable-role-with-oidc
iam-assumable-role-with-saml
iam-assumable-roles-with-saml Expand file tree Collapse file tree 21 files changed +171
-13
lines changed Original file line number Diff line number Diff line change @@ -31,6 +31,7 @@ No providers.
3131| Name | Source | Version |
3232| ------| --------| ---------|
3333| <a name =" module_iam_assumable_role_admin " ></a > [ iam\_ assumable\_ role\_ admin] ( #module\_ iam\_ assumable\_ role\_ admin ) | ../../modules/iam-assumable-role-with-oidc | n/a |
34+ | <a name =" module_iam_assumable_role_self_assume " ></a > [ iam\_ assumable\_ role\_ self\_ assume] ( #module\_ iam\_ assumable\_ role\_ self\_ assume ) | ../../modules/iam-assumable-role-with-oidc | n/a |
3435
3536## Resources
3637
Original file line number Diff line number Diff line change @@ -25,3 +25,28 @@ module "iam_assumable_role_admin" {
2525
2626 oidc_fully_qualified_subjects = " system:serviceaccount:default:sa1" " system:serviceaccount:default:sa2"
2727}
28+
29+ # ####################################
30+ # IAM assumable role with self assume
31+ # ####################################
32+ module "iam_assumable_role_self_assume" {
33+ source = " ../../modules/iam-assumable-role-with-oidc"
34+
35+ create_role = true
36+ allow_self_assume_role = true
37+
38+ role_name = " role-with-oidc-self-assume"
39+
40+ tags =
41+ Role = " role-with-oidc-self-assume"
42+ }
43+
44+ provider_url = " oidc.eks.eu-west-1.amazonaws.com/id/BA9E170D464AF7B92084EF72A69B9DC8"
45+ provider_urls = " oidc.eks.eu-west-1.amazonaws.com/id/AA9E170D464AF7B92084EF72A69B9DC8"
46+
47+ role_policy_arns =
48+ " arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
49+ ]
50+
51+ oidc_fully_qualified_subjects = " system:serviceaccount:default:sa1" " system:serviceaccount:default:sa2"
52+ }
Original file line number Diff line number Diff line change @@ -33,6 +33,7 @@ Run `terraform destroy` when you don't need these resources.
3333| Name | Source | Version |
3434| ------| --------| ---------|
3535| <a name =" module_iam_assumable_role_admin " ></a > [ iam\_ assumable\_ role\_ admin] ( #module\_ iam\_ assumable\_ role\_ admin ) | ../../modules/iam-assumable-role-with-saml | n/a |
36+ | <a name =" module_iam_assumable_role_self_assume " ></a > [ iam\_ assumable\_ role\_ self\_ assume] ( #module\_ iam\_ assumable\_ role\_ self\_ assume ) | ../../modules/iam-assumable-role-with-saml | n/a |
3637
3738## Resources
3839
Original file line number Diff line number Diff line change @@ -33,3 +33,26 @@ module "iam_assumable_role_admin" {
3333 " arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
3434 ]
3535}
36+
37+ # ####################################
38+ # IAM assumable role with self assume
39+ # ####################################
40+ module "iam_assumable_role_self_assume" {
41+ source = " ../../modules/iam-assumable-role-with-saml"
42+
43+ create_role = true
44+ allow_self_assume_role = true
45+
46+ role_name = " role-with-saml-self-assume"
47+
48+ tags =
49+ Role = " role-with-saml-self-assume"
50+ }
51+
52+ provider_id = . idp_saml . id
53+ provider_ids = aws_iam_saml_provider . second_idp_saml . id ]
54+
55+ role_policy_arns =
56+ " arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
57+ ]
58+ }
Original file line number Diff line number Diff line change @@ -35,6 +35,7 @@ Run `terraform destroy` when you don't need these resources.
3535| <a name =" module_iam_assumable_roles_with_saml " ></a > [ iam\_ assumable\_ roles\_ with\_ saml] ( #module\_ iam\_ assumable\_ roles\_ with\_ saml ) | ../../modules/iam-assumable-roles-with-saml | n/a |
3636| <a name =" module_iam_assumable_roles_with_saml_custom " ></a > [ iam\_ assumable\_ roles\_ with\_ saml\_ custom] ( #module\_ iam\_ assumable\_ roles\_ with\_ saml\_ custom ) | ../../modules/iam-assumable-roles-with-saml | n/a |
3737| <a name =" module_iam_assumable_roles_with_saml_second_provider " ></a > [ iam\_ assumable\_ roles\_ with\_ saml\_ second\_ provider] ( #module\_ iam\_ assumable\_ roles\_ with\_ saml\_ second\_ provider ) | ../../modules/iam-assumable-roles-with-saml | n/a |
38+ | <a name =" module_iam_assumable_roles_with_saml_with_self_assume " ></a > [ iam\_ assumable\_ roles\_ with\_ saml\_ with\_ self\_ assume] ( #module\_ iam\_ assumable\_ roles\_ with\_ saml\_ with\_ self\_ assume ) | ../../modules/iam-assumable-roles-with-saml | n/a |
3839
3940## Resources
4041
Original file line number Diff line number Diff line change @@ -39,7 +39,9 @@ module "iam_assumable_roles_with_saml_second_provider" {
3939 create_admin_role = true
4040
4141 create_poweruser_role = true
42- poweruser_role_name = " developer"
42+ admin_role_name = " Admin-Role-Name"
43+ poweruser_role_name = " Poweruser-Role-Name"
44+ readonly_role_name = " Readonly-Role-Name"
4345
4446 create_readonly_role = true
4547
@@ -58,3 +60,20 @@ module "iam_assumable_roles_with_saml_custom" {
5860
5961 provider_id = . idp_saml . id
6062}
63+
64+ # ###############################################
65+ # IAM assumable roles with SAML with self assume
66+ # ###############################################
67+ module "iam_assumable_roles_with_saml_with_self_assume" {
68+ source = " ../../modules/iam-assumable-roles-with-saml"
69+
70+ create_admin_role = true
71+ allow_self_assume_role = true
72+ create_poweruser_role = true
73+ admin_role_name = " Admin-Role-Name-Self-Assume"
74+ poweruser_role_name = " Poweruser-Role-Name-Self-Assume"
75+ readonly_role_name = " Readonly-Role-Name-Self-Assume"
76+ create_readonly_role = true
77+
78+ provider_id = . idp_saml . id
79+ }
Original file line number Diff line number Diff line change @@ -31,6 +31,7 @@ No providers.
3131| Name | Source | Version |
3232| ------| --------| ---------|
3333| <a name =" module_iam_assumable_roles " ></a > [ iam\_ assumable\_ roles] ( #module\_ iam\_ assumable\_ roles ) | ../../modules/iam-assumable-roles | n/a |
34+ | <a name =" module_iam_assumable_roles_with_self_assume " ></a > [ iam\_ assumable\_ roles\_ with\_ self\_ assume] ( #module\_ iam\_ assumable\_ roles\_ with\_ self\_ assume ) | ../../modules/iam-assumable-roles | n/a |
3435
3536## Resources
3637
Original file line number Diff line number Diff line change @@ -26,3 +26,30 @@ module "iam_assumable_roles" {
2626 create_readonly_role = true
2727 readonly_role_requires_mfa = false
2828}
29+
30+ # #####################################
31+ # IAM assumable roles with self assume
32+ # #####################################
33+ module "iam_assumable_roles_with_self_assume" {
34+ source = " ../../modules/iam-assumable-roles"
35+
36+ trusted_role_arns =
37+ " arn:aws:iam::307990089504:root"
38+ " arn:aws:iam::835367859851:user/anton"
39+ ]
40+
41+ trusted_role_services =
42+ " codedeploy.amazonaws.com"
43+ ]
44+
45+ create_admin_role = true
46+ allow_self_assume_role = true
47+ create_poweruser_role = true
48+ admin_role_name = " Admin-Role-Name-Self-Assume"
49+ poweruser_role_name = " Billing-And-Support-Access-Self-Assume"
50+ poweruser_role_policy_arns = " arn:aws:iam::aws:policy/job-function/Billing" " arn:aws:iam::aws:policy/AWSSupportAccess"
51+ readonly_role_name = " Read-Only-Role-Name-Self-Assume"
52+
53+ create_readonly_role = true
54+ readonly_role_requires_mfa = false
55+ }
Original file line number Diff line number Diff line change @@ -36,13 +36,14 @@ Run `terraform destroy` when you don't need these resources.
3636| ------| --------| ---------|
3737| <a name =" module_eks " ></a > [ eks] ( #module\_ eks ) | terraform-aws-modules/eks/aws | ~ > 18.0 |
3838| <a name =" module_iam_eks_role " ></a > [ iam\_ eks\_ role] ( #module\_ iam\_ eks\_ role ) | ../../modules/iam-eks-role | n/a |
39+ | <a name =" module_iam_eks_role_with_self_assume " ></a > [ iam\_ eks\_ role\_ with\_ self\_ assume] ( #module\_ iam\_ eks\_ role\_ with\_ self\_ assume ) | ../../modules/iam-eks-role | n/a |
3940
4041## Resources
4142
4243| Name | Type |
4344| ------| ------|
4445| [ random_pet.this] ( https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet ) | resource |
45- | [ aws_subnet_ids .all] ( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids ) | data source |
46+ | [ aws_subnets .all] ( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets ) | data source |
4647| [ aws_vpc.default] ( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc ) | data source |
4748
4849## Inputs
Original file line number Diff line number Diff line change @@ -19,6 +19,27 @@ module "iam_eks_role" {
1919 }
2020}
2121
22+ # ##############################
23+ # IAM EKS role with self assume
24+ # ##############################
25+ module "iam_eks_role_with_self_assume" {
26+ source = " ../../modules/iam-eks-role"
27+ role_name = " my-app-self-assume"
28+
29+ allow_self_assume_role = true
30+ cluster_service_accounts =
31+ (random_pet. this . id ) = [" default:my-app"
32+ }
33+
34+ tags =
35+ Name = " eks-role"
36+ }
37+
38+ role_policy_arns =
39+ AmazonEKS_CNI_Policy = " arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
40+ }
41+ }
42+
2243# #################
2344# Extra resources
2445# #################
@@ -35,7 +56,7 @@ module "eks" {
3556 cluster_version = " 1.21"
3657
3758 vpc_id = . aws_vpc . default . id
38- subnet_ids = . aws_subnet_ids . all . ids
59+ subnet_ids = . aws_subnets . all . ids
3960}
4061
4162# #################################################################
@@ -46,6 +67,9 @@ data "aws_vpc" "default" {
4667 default = true
4768}
4869
49- data "aws_subnet_ids" "all" {
50- vpc_id = . aws_vpc . default . id
70+ data "aws_subnets" "all" {
71+ filter {
72+ name = " vpc-id"
73+ values = data . aws_vpc . default . id ]
74+ }
5175}
You can’t perform that action at this time.
0 commit comments