Skip to content
/ terraform-aws-snowfamily-iam-role Public

IAM role for use as a Snow Family service role.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dod-iac/terraform-aws-snowfamily-iam-role

BranchesTags

Repository files navigation

Usage

Creates an IAM role for use as a Snow Family service role.

module "snowfamily_iam_role" {
  source = "dod-iac/snowfamily-iam-role/aws"

  name                  = format("app-%s-snowfamily-%s", var.application, var.environment)
  kms_keys_decrypt      = ["*"]
  kms_keys_encrypt      = ["*"]
  s3_buckets_import     = ["*"]
  s3_buckets_export     = ["*"]
  sns_topics_publish    = ["*"]
  tags               = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}

Terraform Version

Terraform 0.13. Pin module version to ~> 1.0.0 . Submit pull-requests to main branch.

Terraform 0.11 and 0.12 are not supported.

License

This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.

Requirements

Name Version
terraform >= 0.13
aws >= 3.0, < 5.0

Providers

Name Version
aws >= 3.0, < 5.0

Modules

No modules.

Resources

Name Type
aws_iam_policy.main resource
aws_iam_role.main resource
aws_iam_role_policy_attachment.main resource
aws_caller_identity.current data source
aws_iam_policy_document.assume_role_policy data source
aws_iam_policy_document.main data source
aws_partition.current data source
aws_region.current data source

Inputs

Name Description Type Default Required
assume_role_policy The assume role policy for the AWS IAM role. If blank, allows Snow Family (fka Import/Export) to assume the role. string "" no
kms_keys_decrypt The ARNs of the AWS KMS keys that can be used to decrypt data. Use ["*"] to allow all keys. list(string) [] no
kms_keys_encrypt The ARNs of the AWS KMS keys that can be used to encrypt data. Use ["*"] to allow all keys. list(string) [] no
name The name of the AWS IAM role. string n/a yes
policy_description The description of the AWS IAM policy. Defaults to "The policy for [NAME]". string "" no
policy_name The name of the AWS IAM policy. Defaults to "[NAME]-policy". string "" no
s3_buckets_export The ARNs of the AWS S3 buckets that data can be exported from. Use ["*"] to allow all buckets. list(string) [] no
s3_buckets_import The ARNs of the AWS S3 buckets that data can be imported into. Use ["*"] to allow all buckets. list(string) [] no
sns_topics_publish The ARNs of the AWS SNS topics that status updates can be published to. Use ["*"] to allow all topics. list(string) [] no
tags Tags applied to the AWS IAM role. map(string) {} no

Outputs

Name Description
arn The Amazon Resource Name (ARN) of the AWS IAM Role.
name The name of the AWS IAM Role.

About

IAM role for use as a Snow Family service role.

Topics

aws terraform snowball snowfamily

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages