main.tf
# Derived settings: resolve the optional inputs to concrete values.
locals {
  # Trust (assume-role) policy JSON. A caller-supplied var.assume_policy is
  # used as-is; only when it is null does the module fall back to the
  # generated document built from var.principal_type and
  # var.principal_identifiers.
  assume_policy = var.assume_policy == null ? data.aws_iam_policy_document.default.json : var.assume_policy

  # Whether the inline role policy is created. An explicit var.create_policy
  # wins; when it is null the decision falls back to "is var.role_policy set".
  create_policy = var.create_policy == null ? (var.role_policy != null) : var.create_policy
}
# Default trust policy: allows the configured principals to call
# sts:AssumeRole. local.assume_policy selects it only when var.assume_policy
# is null.
#
# NOTE(review): the statement has no condition block, so every identifier in
# var.principal_identifiers may assume the role unconditionally. Keep the
# identifiers as narrow as possible (a specific role or service rather than
# an account root or "*"). Callers that need conditions such as
# sts:ExternalId or MFA must supply their own document via var.assume_policy.
data "aws_iam_policy_document" "default" {
  statement {
    effect  = "Allow" # provider default, spelled out for readers
    actions = ["sts:AssumeRole"]

    principals {
      type        = var.principal_type
      identifiers = var.principal_identifiers
    }
  }
}
# The IAM role itself. Its name is var.name, with the suffix "Role" appended
# when var.postfix is true.
resource "aws_iam_role" "default" {
  name        = "${var.name}${var.postfix ? "Role" : ""}"
  path        = var.path
  description = var.description
  tags        = var.tags

  # Who may assume the role: either the caller's document or the generated
  # default (see local.assume_policy).
  assume_role_policy = local.assume_policy

  # Guard rails. The boundary caps what the attached policies can grant, and
  # the session duration limits how long issued credentials stay valid.
  # NOTE(review): the defaults for both live in the variable definitions,
  # which are not visible here. Confirm they are not left wide open.
  permissions_boundary = var.permissions_boundary
  max_session_duration = var.max_session_duration

  # When true, attached policies are detached before the role is destroyed.
  force_detach_policies = var.force_detach_policies
}
# Optional inline policy, created only when local.create_policy is true.
# Its name is var.name, with the suffix "Policy" appended when var.postfix is
# true.
#
# NOTE(review): var.role_policy is attached verbatim, so the caller is
# responsible for scoping its actions and resources. If var.create_policy is
# forced to true while var.role_policy is null, the policy argument is null;
# presumably that is rejected at plan time. Confirm.
resource "aws_iam_role_policy" "default" {
  count = local.create_policy ? 1 : 0

  role   = aws_iam_role.default.id
  name   = "${var.name}${var.postfix ? "Policy" : ""}"
  policy = var.role_policy
}
# Attaches each policy ARN in var.policy_arns to the role, one attachment
# resource per element.
# NOTE(review): for_each needs a set or map of strings. The variable's type
# is declared outside this file, so confirm it there. Every ARN listed grants
# its full policy to the role, so review the list for overly broad managed
# policies.
resource "aws_iam_role_policy_attachment" "default" {
  for_each = var.policy_arns

  policy_arn = each.value
  role       = aws_iam_role.default.name
}