Modernisation Platform Github OIDC Provider Module

This module creates an IAM OpenID Connect (OIDC) identity provider for GitHub Actions together with the IAM role, policies and trust policy required to assume a role from a workflow through that provider.

Usage


module "github-oidc-provider" {

  source                 = "https://github.com/ministryofjustice/modernisation-platform-terraform-github-oidc-provider"
  github_repositories    = ["ministryofjustice/your-repository-name:*"]
  additional_permissions = data.aws_iam_policy_document.extra_permissions.json
  tags_common            = local.tags
  tags_prefix            = terraform.workspace

}

The `additional_permissions` variable lets you grant IAM permissions beyond the `ReadOnlyAccess` managed policy that the module attaches by default. Supply them as the JSON rendered by an `aws_iam_policy_document` data source; the module wraps it in a customer-managed policy and attaches it to the role.
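The `data.aws_iam_policy_document.extra_permissions` referenced above is not defined on this page. The following is an added example (not the module's own code) showing one way to define it with a narrowly scoped statement and wire it into the module; the bucket name, `REF_PLACEHOLDER`, the `locals` values and the repository name are constructed placeholders.

```hcl
# Constructed example values for the MOJ-required tags and the module call.
locals {
  tags = {
    business-unit = "EXAMPLE-UNIT"
    application   = "example-application"
    owner         = "example-team@example.invalid"
  }
}

# Extra permissions for the GitHub Actions role. Scope actions to the
# specific resources the workflow needs rather than "*" so the OIDC role
# cannot be used for anything beyond its pipeline task.
data "aws_iam_policy_document" "extra_permissions" {
  statement {
    sid    = "ReadWriteCiArtifacts"
    effect = "Allow"
    actions = [
      "s3:GetObject",
      "s3:PutObject",
      "s3:ListBucket",
    ]
    resources = [
      "arn:aws:s3:::example-ci-artifacts-bucket",   # placeholder bucket
      "arn:aws:s3:::example-ci-artifacts-bucket/*",
    ]
  }
}

module "github-oidc-provider" {
  # Pin the module to a reviewed tag or commit instead of tracking the default branch.
  source = "github.com/ministryofjustice/modernisation-platform-terraform-github-oidc-provider?ref=REF_PLACEHOLDER"

  # One entry per repository allowed to assume the role. The part after the
  # repository name is the pattern applied to the token's "sub" claim; ":*"
  # admits every branch, tag and environment of that repository.
  github_repositories = ["ministryofjustice/example-repository:*"]

  additional_permissions      = data.aws_iam_policy_document.extra_permissions.json
  additional_managed_policies = []   # nothing beyond the module's default ReadOnlyAccess
  role_name                   = "github-actions-example"
  tags_common                 = local.tags
  tags_prefix                 = terraform.workspace
}

# Surface the role for the workflow and the trust policy for review.
output "github_actions_role" {
  value = module.github-oidc-provider.github_actions_role
}

output "github_actions_role_trust_policy" {
  value = module.github-oidc-provider.github_actions_role_trust_policy
}
```

Review the `github_actions_role_trust_policy` output after `terraform plan` to confirm the `sub` condition is limited to the repositories you listed; the calling workflow also needs `permissions: id-token: write` to obtain the OIDC token.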

Looking for issues?

If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.

<!-- BEGIN_TF_DOCS -->

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.1 |
| aws | ~> 5.0 |
| tls | ~> 4.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 5.0 |
| tls | ~> 4.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_openid_connect_provider.github_actions | resource |
| aws_iam_policy.extra_permissions | resource |
| aws_iam_role.github_actions | resource |
| aws_iam_role_policy_attachment.additional_managed_policies | resource |
| aws_iam_role_policy_attachment.extra_permissions | resource |
| aws_iam_role_policy_attachment.read_only | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.github_oidc_assume_role | data source |
| tls_certificate.github | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| additional_managed_policies | A list of ARNs of AWS managed policies to attach to the OIDC provider role | list(string) | `[]` | no |
| additional_permissions | An aws_iam_policy_document (as JSON) with additional permissions to attach to the OIDC provider role | string | n/a | yes |
| github_known_thumbprints | The known intermediary thumbprints for the GitHub OIDC provider | list(string) | `["1c58a3a8518e8759bf075b76b750d4f2df264fcd", "6938fd4d98bab03faadb97b34396831e3780aea1"]` | no |
| github_repositories | The GitHub repositories, for example `["ministryofjustice/modernisation-platform-environments:*"]` | list(string) | n/a | yes |
| role_name | OIDC role name | string | `"github-actions"` | no |
| tags_common | MOJ required tags | map(string) | n/a | yes |
| tags_prefix | Prefix for name tags | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| github_actions_provider | The OIDC provider this module configures for use with GitHub Actions |
| github_actions_role | IAM role created for use by the OIDC provider |
| github_actions_role_trust_policy | Assume role policy for the github-actions role |
<!-- END_TF_DOCS -->