Description

Create IAM Roles for execution of a specific service (bounded by a repository name) on a specific stage

Usage

module "iam" {
  source = "scaffoldly/serverless-api-stage-iam/aws"

  repository_name = var.repository_name
  stage           = var.stage
}

Roadmap

• More customizable/restrictable permissions

Requirements

Name	Version
terraform	>= 1.0, < 1.7

Providers

Name	Version
aws	3.54.0

Modules

No modules.

Resources

Name	Type
aws_iam_role.role	resource
aws_iam_role_policy.base	resource
aws_caller_identity.current	data source
aws_iam_policy_document.base	data source
aws_iam_policy_document.trust	data source

Inputs

Name	Description	Type	Default	Required
kms_key_id	The KMS Key Id for the stage (optional)	string	""	no
repository_name	The repository name for the Serverless API (permissions are prefixed with this for service-level isololation of privileges)	string	n/a	yes
saml_trust	Output of trust from saml-to/iam/aws module	object({ trust_actions = list(string) trust_principal_identifiers = list(string) trust_principal_type = string trust_condition_saml_test = string trust_condition_saml_variable = string trust_condition_saml_values = list(string) } )	null	no
stage	The stage (e.g. live, nonlive)	string	n/a	yes

Outputs

Name	Description
role_arn	n/a