Merge pull request #6 from rafikurnia/develop/add-max-session-duration-support

Add `max_session_duration` support

Author: rafikurnia

README.md

@@ -1,49 +1,63 @@
 terraform-aws-iam-role
 ======================
-
 Terraform module to create AWS IAM Role. 
 Currently supported type of Roles are:
 1. Role for AWS Service
 2. Role for IAM User
 3. Role for External AWS Account
+4. Role for Instance Profile
+
 
 Usage
 -----
-
 This module will only create an IAM Role and its Trust Relationships policy document. You need to attach your own Permission policy document outside the module.
 
 To use a particular type of supported role, you can go into `modules` folder and read `README.md` at each subfolder for more detailed information.
 
 To understand better on how to implement this module, you can go into `examples` folder and try them.
 
+
 Modules
 --------
-
 * [AWS Service](https://github.com/traveloka/terraform-aws-iam-role/tree/master/modules/service)
 * [IAM User](https://github.com/traveloka/terraform-aws-iam-role/tree/master/modules/user)
 * [External AWS Account](https://github.com/traveloka/terraform-aws-iam-role/tree/master/modules/external)
+* [Instance Profile](https://github.com/traveloka/terraform-aws-iam-role/tree/master/modules/instance)
+
 
 Examples
 --------
+* [Service Role for Config](https://github.com/traveloka/terraform-aws-iam-role/tree/master/examples/aws-service-config)
+* [IAM Role for User](https://github.com/traveloka/terraform-aws-iam-role/tree/master/examples/user-iam)
+* [IAM Role for 3rd Party AWS Account](https://github.com/traveloka/terraform-aws-iam-role/tree/master/examples/external-account)
+* [IAM Role for Instance Profile](https://github.com/traveloka/terraform-aws-iam-role/tree/master/examples/instance-profile)
+
 
-* [Service Role for Config](https://github.com/traveloka/terraform-aws-iam-role/tree/master/examples/aws_service_config)
-* [IAM Role for 3rd Party AWS Account](https://github.com/traveloka/terraform-aws-iam-role/tree/master/examples/external_account)
-* [IAM Role for User](https://github.com/traveloka/terraform-aws-iam-role/tree/master/examples/user_iam)
+Tests
+-----
+To run the test:
+1. Install Ruby with version specified in the [Gemfile](https://github.com/traveloka/terraform-aws-iam-role/tree/master/Gemfile).
+2. Install bundler: `gem install bundler`
+3. Install gems: `bundle install`
+4. Run test from the root of the repository: `bundle exec kitchen test`
 
 
 Terraform Version
 -----------------
-
 This module was created using Terraform 0.11.4. 
 So to be more safe, Terraform version 0.11.4 or newer is required to use this module.
 
 
+AWS Provider Version
+--------------------
+Minimum required version for AWS Provider is 1.14.0
+
+
 Authors
 -------
-
 * [Rafi Kurnia Putra](https://github.com/rafikurnia)
 
+
 License
 -------
-
-Apache 2 Licensed. See LICENSE for full details.
+Apache 2 Licensed. See LICENSE for full details.

examples/aws-service-config/README.md

@@ -0,0 +1,4 @@
+example/aws_service_config
+==========================
+
+This example will create an IAM Role for AWS Config.

examples/aws_service_config/main.tf renamed to examples/aws-service-config/main.tf

@@ -1,15 +1,18 @@
 provider "aws" {
-  version = "~> 1.13.0"
-  region  = "ap-southeast-1"
+  region = "ap-southeast-1"
 }
 
 module "this" {
-  source = "../../modules/service" # In actual use case, you have to replace this line with: source = "github.com/traveloka/terraform-aws-iam-role.git//modules/service?ref=0.0.1"
+  # In actual use case, you have to replace the following line (line 8) with: 
+  # source = "github.com/traveloka/terraform-aws-iam-role.git//modules/service?ref=v0.3.0"
+  source = "../../modules/service"
 
   role_identifier            = "Default Config"
   role_description           = "Service Role for Default AWS Config"
   role_force_detach_policies = false
-  aws_service                = "config.amazonaws.com"
+  role_max_session_duration  = 43200
+
+  aws_service = "config.amazonaws.com"
 }
 
 resource "aws_iam_role_policy_attachment" "this" {

examples/aws_service_config/outputs.tf renamed to examples/aws-service-config/outputs.tf

@@ -1,19 +1,20 @@
-# This example was created using terraform-provider-aws version 1.13.0 at 2018/04/03.
 provider "aws" {
-  version = "~> 1.13.0"
-  region  = "ap-southeast-1"
+  region = "ap-southeast-1"
 }
 
 module "this" {
-  source = "../../modules/external" # In actual use case, you have to replace this line with: source = "github.com/traveloka/terraform-aws-iam-role.git//modules/external?ref=0.0.1"
+  # In actual use case, you have to replace the following line (line 8) with:
+  # source = "github.com/traveloka/terraform-aws-iam-role.git//modules/external?ref=v0.3.0"
+  source = "../../modules/external"
 
   role_name                  = "ThirdPartyName"      # Replace this value with the name given by 3rd party, or define it by yourself with clear and describing name
   role_path                  = "/external/security/"
   role_description           = "Role for ThirdParty"
   role_force_detach_policies = true
+  role_max_session_duration  = 43200
 
   account_id  = "123456789012" # Replace this with 3rd party's AWS Account ID
-  external_id = "ABCDEFGHIJ01" # Only set this value if the 3rd party ask you to
+  external_id = "ABCDEFGHIJ01" # Don't set the value if not needed, only set this value if the 3rd party ask you to specify external_id.
 }
 
 resource "aws_iam_role_policy_attachment" "this" {

examples/aws_service_config/README.md

@@ -1,10 +1,11 @@
 provider "aws" {
-  version = "1.13.0"
-  region  = "ap-southeast-1"
+  region = "ap-southeast-1"
 }
 
 module "this" {
-  source = "../../modules/instance" # In actual use case, you have to replace this line with: source = "github.com/traveloka/terraform-aws-iam-role.git//modules/instance?ref=0.2.0"
+  # In actual use case, you have to replace the following line (line 8) with:
+  # source = "github.com/traveloka/terraform-aws-iam-role.git//modules/instance?ref=v0.3.0"
+  source = "../../modules/instance"
 
   service_name = "txtdata"
   cluster_role = "app"