Awesome
Modernisation Platform Terraform Cross Account Access Module
A simple Terraform module to configure an IAM role that is assumable from another account.
Usage
module "cross-account-access" {
source = "github.com/ministryofjustice/modernisation-platform-terraform-cross-account-access"
account_id = "123456789"
policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
role_name = "CrossAccountAccess"
}
<!-- BEGIN_TF_DOCS -->
Requirements
Name | Version |
---|---|
<a name="requirement_terraform"></a> terraform | >=1.0.1 |
<a name="requirement_aws"></a> aws | ~> 5.0 |
Providers
Name | Version |
---|---|
<a name="provider_aws"></a> aws | ~> 5.0 |
Modules
No modules.
Resources
Name | Type |
---|---|
aws_iam_role.default | resource |
aws_iam_role_policy_attachment.default | resource |
aws_iam_policy_document.assume-role-policy | data source |
aws_iam_policy_document.combined-assume-role-policy | data source |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
<a name="input_account_id"></a> account_id | Account ID to give access to | string | n/a | yes |
<a name="input_additional_trust_roles"></a> additional_trust_roles | ARN of other roles to be passed as principals for sts:AssumeRole | list(string) | [] | no |
<a name="input_additional_trust_statements"></a> additional_trust_statements | Json attributes of additional iam policy documents to add to the trust policy | list(string) | [] | no |
<a name="input_policy_arn"></a> policy_arn | Policy ARN for the assumable role. Defaults to arn:aws:iam::aws:policy/ReadOnlyAccess | string | "arn:aws:iam::aws:policy/ReadOnlyAccess" | no |
<a name="input_role_name"></a> role_name | Name of assumable role | string | n/a | yes |
Outputs
Name | Description |
---|---|
<a name="output_role_arn"></a> role_arn | n/a |
Looking for issues?
If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.