Modernisation Platform Github Web Identity Assumable Role Module

Usage

module "github-webidentity-assumable-role" {

  source = "https://github.com/ministryofjustice/modernisation-platform-github-oidc-role"

  github_repositories         = ["ministryofjustice/modernisation-platform-environments:*","ministryofjustice/modernisation-platform:*"]
  role_name                   = "modernisation-platform-github-actions"
  policy_arns                 = ["arn:aws:iam::aws:policy/AdministratorAccess"]
  policy_jsons                = [data.aws_iam_policy_document.first-policy.json, data.aws_iam_policy_document.second-policy.json]
  tags                        = local.tags

}

Looking for issues?

If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.

Requirements

Name	Version
terraform	>= 1.0.1
aws	>= 4.0

Providers

Name	Version
aws	>= 4.0

Modules

No modules.

Resources

Name	Type
aws_iam_policy.additional-permissions	resource
aws_iam_role.this	resource
aws_iam_role_policy_attachment.additional-permissions	resource
aws_iam_role_policy_attachment.policy-arns	resource
aws_caller_identity.current	data source
aws_iam_policy_document.combined-role-policy	data source
aws_iam_policy_document.this	data source

Inputs

Name	Description	Type	Default	Required
github_repositories	The github repositories, for example ["ministryofjustice/modernisation-platform-environments:*"]	`list(string)`	n/a	yes
max_session_duration	The maximum session duration (in seconds) that you want to set for the specified role. Defaults to 3600	`number`	`3600`	no
policy_arns	List of policy ARNs for the assumable role. Defaults to ["arn:aws:iam::aws:policy/ReadOnlyAccess"]	`list(string)`	[ "arn:aws:iam::aws:policy/ReadOnlyAccess" ]	no
policy_jsons	List of policy jsons for the assumable role. Defaults to []	`list(string)`	`[]`	no
role_name	Name of role	`string`	n/a	yes
subject_claim	Github OIDC subject claim, defaults to *	`string`	`"*"`	no
tags	Common tags to be used by all resources	`map(string)`	n/a	yes

Outputs

Name	Description
role	IAM Role created for use by the OIDC provider
role_additional_permissions_policy	Additional role policy for the role
role_trust_policy	Assume role policy for the role

Name		Name	Last commit message	Last commit date
Latest commit History 758 Commits
.github		.github
scripts		scripts
test		test
.gitignore		.gitignore
.trivyignore.yaml		.trivyignore.yaml
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
README.md		README.md
data.tf		data.tf
main.tf		main.tf
outputs.tf		outputs.tf
variables.tf		variables.tf
versions.tf		versions.tf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Modernisation Platform Github Web Identity Assumable Role Module

Usage

Looking for issues?

Requirements

Providers

Modules

Resources

Inputs

Outputs

About

Releases 6

Packages

Contributors 16

Languages

License

ministryofjustice/modernisation-platform-github-oidc-role

Folders and files

Latest commit

History

Repository files navigation

Modernisation Platform Github Web Identity Assumable Role Module

Usage

Looking for issues?

Requirements

Providers

Modules

Resources

Inputs

Outputs

About

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases 6

Packages 0

Contributors 16

Languages

Packages