
Commit a37dcb6

docs: Add IAM role with inline policy example (#615)
Co-authored-by: Bryant Biggs <[email protected]>
1 parent e47c6ed commit a37dcb6


3 files changed

+89
-0
lines changed


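--- a/examples/iam-role/README.md
+++ b/examples/iam-role/README.md
@@ -35,6 +35,7 @@ Run `terraform destroy` when you don't need these resources.
 | <a name="module_iam_role_circleci_oidc"></a> [iam\_role\_circleci\_oidc](#module\_iam\_role\_circleci\_oidc) | ../../modules/iam-role | n/a |
 | <a name="module_iam_role_disabled"></a> [iam\_role\_disabled](#module\_iam\_role\_disabled) | ../../modules/iam-role | n/a |
 | <a name="module_iam_role_github_oidc"></a> [iam\_role\_github\_oidc](#module\_iam\_role\_github\_oidc) | ../../modules/iam-role | n/a |
+| <a name="module_iam_role_inline_policy"></a> [iam\_role\_inline\_policy](#module\_iam\_role\_inline\_policy) | ../../modules/iam-role | n/a |
 | <a name="module_iam_role_instance_profile"></a> [iam\_role\_instance\_profile](#module\_iam\_role\_instance\_profile) | ../../modules/iam-role | n/a |
 | <a name="module_iam_role_saml"></a> [iam\_role\_saml](#module\_iam\_role\_saml) | ../../modules/iam-role | n/a |
 | <a name="module_iam_roles"></a> [iam\_roles](#module\_iam\_roles) | ../../modules/iam-role | n/a |
@@ -69,6 +70,13 @@ No inputs.
 | <a name="output_github_oidc_iam_role_arn"></a> [github\_oidc\_iam\_role\_arn](#output\_github\_oidc\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
 | <a name="output_github_oidc_iam_role_name"></a> [github\_oidc\_iam\_role\_name](#output\_github\_oidc\_iam\_role\_name) | The name of the IAM role |
 | <a name="output_github_oidc_iam_role_unique_id"></a> [github\_oidc\_iam\_role\_unique\_id](#output\_github\_oidc\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
+| <a name="output_inline_policy_iam_instance_profile_arn"></a> [inline\_policy\_iam\_instance\_profile\_arn](#output\_inline\_policy\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile |
+| <a name="output_inline_policy_iam_instance_profile_id"></a> [inline\_policy\_iam\_instance\_profile\_id](#output\_inline\_policy\_iam\_instance\_profile\_id) | Instance profile's ID |
+| <a name="output_inline_policy_iam_instance_profile_name"></a> [inline\_policy\_iam\_instance\_profile\_name](#output\_inline\_policy\_iam\_instance\_profile\_name) | Name of IAM instance profile |
+| <a name="output_inline_policy_iam_instance_profile_unique_id"></a> [inline\_policy\_iam\_instance\_profile\_unique\_id](#output\_inline\_policy\_iam\_instance\_profile\_unique\_id) | Stable and unique string identifying the IAM instance profile |
+| <a name="output_inline_policy_iam_role_arn"></a> [inline\_policy\_iam\_role\_arn](#output\_inline\_policy\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
+| <a name="output_inline_policy_iam_role_name"></a> [inline\_policy\_iam\_role\_name](#output\_inline\_policy\_iam\_role\_name) | The name of the IAM role |
+| <a name="output_inline_policy_iam_role_unique_id"></a> [inline\_policy\_iam\_role\_unique\_id](#output\_inline\_policy\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
 | <a name="output_instance_profile_iam_instance_profile_arn"></a> [instance\_profile\_iam\_instance\_profile\_arn](#output\_instance\_profile\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile |
 | <a name="output_instance_profile_iam_instance_profile_id"></a> [instance\_profile\_iam\_instance\_profile\_id](#output\_instance\_profile\_iam\_instance\_profile\_id) | Instance profile's ID |
 | <a name="output_instance_profile_iam_instance_profile_name"></a> [instance\_profile\_iam\_instance\_profile\_name](#output\_instance\_profile\_iam\_instance\_profile\_name) | Name of IAM instance profile |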

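--- a/examples/iam-role/main.tf
+++ b/examples/iam-role/main.tf
@@ -187,6 +187,48 @@ module "iam_role_saml" {
 tags = local.tags
 }
 
+################################################################################
+# IAM Role - Inline Policy
+################################################################################
+
+module "iam_role_inline_policy" {
+source = "../../modules/iam-role"
+
+name = "${local.name}-inline-policy"
+
+create_instance_profile = true
+
+trust_policy_permissions = {
+ec2 = {
+effect = "Allow"
+actions = [
+"sts:AssumeRole"
+]
+principals = [{
+type = "Service"
+identifiers = ["ec2.amazonaws.com"]
+}]
+}
+}
+
+create_inline_policy = true
+inline_policy_permissions = {
+S3ReadAccess = {
+effect = "Allow"
+actions = [
+"s3:GetObject",
+"s3:ListBucket"
+]
+resources = [
+"arn:aws:s3:::example-bucket",
+"arn:aws:s3:::example-bucket/*"
+]
+}
+}
+
+tags = local.tags
+}
+
 ################################################################################
 # Supporting resources
 ################################################################################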
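Review bot: The `S3ReadAccess` statement hard-codes `arn:aws:s3:::example-bucket`, and nothing in the new `iam_role_inline_policy` block tells a reader copying the example that this bucket is a placeholder rather than a resource the example provisions; a comment above `inline_policy_permissions` such as `# example-bucket is a placeholder; scope these resources to the bucket(s) this role actually needs` would make that clear. It may also be worth saying in that comment that `s3:ListBucket` is evaluated against the bucket ARN and `s3:GetObject` against the object ARN, so two statements with one resource each is the tighter form if the example is meant to model least privilege. The `local.name` and `local.tags` values the block references are defined outside the hunk.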

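--- a/examples/iam-role/outputs.tf
+++ b/examples/iam-role/outputs.tf
@@ -153,3 +153,42 @@ output "saml_iam_instance_profile_unique_id" {
 description = "Stable and unique string identifying the IAM instance profile"
 value = module.iam_role_saml.instance_profile_unique_id
 }
+
+################################################################################
+# IAM Role - Inline Policy
+################################################################################
+
+output "inline_policy_iam_role_name" {
+description = "The name of the IAM role"
+value = module.iam_role_inline_policy.name
+}
+
+output "inline_policy_iam_role_arn" {
+description = "The Amazon Resource Name (ARN) specifying the IAM role"
+value = module.iam_role_inline_policy.arn
+}
+
+output "inline_policy_iam_role_unique_id" {
+description = "Stable and unique string identifying the IAM role"
+value = module.iam_role_inline_policy.unique_id
+}
+
+output "inline_policy_iam_instance_profile_arn" {
+description = "ARN assigned by AWS to the instance profile"
+value = module.iam_role_inline_policy.instance_profile_arn
+}
+
+output "inline_policy_iam_instance_profile_id" {
+description = "Instance profile's ID"
+value = module.iam_role_inline_policy.instance_profile_id
+}
+
+output "inline_policy_iam_instance_profile_name" {
+description = "Name of IAM instance profile"
+value = module.iam_role_inline_policy.instance_profile_name
+}
+
+output "inline_policy_iam_instance_profile_unique_id" {
+description = "Stable and unique string identifying the IAM instance profile"
+value = module.iam_role_inline_policy.instance_profile_unique_id
+}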
