A Terraform module for creating an IAM user suitable for building Amazon Machine Images (AMIs).

```hcl
module "example" {
  source = "../.."
  providers = {
    aws                       = aws
    aws.images-production-ami = aws.images-production-ami
    aws.images-staging-ami    = aws.images-staging-ami
    aws.images-production-ssm = aws.images-production-ssm
    aws.images-staging-ssm    = aws.images-staging-ssm
  }

  ssm_parameters = ["/example/parameter1", "/example/config"]
  user_name      = "test-ami-build-iam-user-tf-module"
}
```
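
The module block above passes five provider configurations that it does not define. A sketch of matching provider blocks follows; it is an added example, not code from this project. The region, account IDs, role names, session names, and the account each alias targets are placeholders or assumptions.

```hcl
# Added example. Every account ID, role name, region and session name here
# is a placeholder; substitute the provisioning roles used in your accounts.

# Default provider (assumption: the account where the IAM user is created).
provider "aws" {
  region = "us-east-1"
}

# Assumption: each aliased provider assumes a separate, narrowly scoped
# provisioning role, so no single credential can modify every account.
provider "aws" {
  alias  = "images-production-ami"
  region = "us-east-1"
  assume_role {
    role_arn     = "arn:aws:iam::111111111111:role/PLACEHOLDER-ProvisionAMIRoles"
    session_name = "terraform-ami-build-user"
  }
}

provider "aws" {
  alias  = "images-staging-ami"
  region = "us-east-1"
  assume_role {
    role_arn     = "arn:aws:iam::222222222222:role/PLACEHOLDER-ProvisionAMIRoles"
    session_name = "terraform-ami-build-user"
  }
}

provider "aws" {
  alias  = "images-production-ssm"
  region = "us-east-1"
  assume_role {
    role_arn     = "arn:aws:iam::111111111111:role/PLACEHOLDER-ProvisionSSMReadRoles"
    session_name = "terraform-ami-build-user"
  }
}

provider "aws" {
  alias  = "images-staging-ssm"
  region = "us-east-1"
  assume_role {
    role_arn     = "arn:aws:iam::222222222222:role/PLACEHOLDER-ProvisionSSMReadRoles"
    session_name = "terraform-ami-build-user"
  }
}
```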

Name | Version |
---|---|
terraform | >= 1.1 |
aws | >= 4.9 |

Name | Version |
---|---|
aws | >= 4.9 |
aws.images-production-ami | >= 4.9 |
aws.images-staging-ami | >= 4.9 |

Name | Source | Version |
---|---|---|
ci_user | github.com/cisagov/ci-iam-user-tf-module | n/a |
parameterstorereadonly_role_production | github.com/cisagov/ssm-read-role-tf-module | n/a |
parameterstorereadonly_role_staging | github.com/cisagov/ssm-read-role-tf-module | n/a |

Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_policy_arns_production | The list of additional Production IAM policy ARNs to attach to this IAM user (e.g. ["arn:aws:iam::123456789012:policy/ReadFromMyBucket", "arn:aws:iam::123456789012:policy/ReadFromMyOtherBucket"]). | list(string) | [] | no |
additional_policy_arns_staging | The list of additional Staging IAM policy ARNs to attach to this IAM user (e.g. ["arn:aws:iam::123456789012:policy/ReadFromMyBucket", "arn:aws:iam::123456789012:policy/ReadFromMyOtherBucket"]). | list(string) | [] | no |
ec2amicreate_policy_name | The name of the IAM policy in the Images account that allows all of the actions needed to create an AMI. | string | "EC2AMICreate" | no |
ec2amicreate_role_description | The description to associate with the IAM role that allows this IAM user to create AMIs. Note that a "%s" in this value will get replaced with the user_name variable. | string | "Allows the %s IAM user to create AMIs." | no |
ec2amicreate_role_max_session_duration | The maximum session duration (in seconds) when assuming the IAM role that allows this IAM user to create AMIs. | number | 3600 | no |
ec2amicreate_role_name | The name to assign the IAM role that allows this IAM user to create AMIs. Note that a "%s" in this value will get replaced with the user_name variable. | string | "EC2AMICreate-%s" | no |
ssm_parameters | The AWS SSM parameters that the IAM user needs to be able to read (e.g. ["/example/parameter1", "/example/config"]). | list(string) | [] | no |
user_name | The name to associate with the AWS IAM user (e.g. test-ami-build-iam-user-tf-module). | string | n/a | yes |

Name | Description |
---|---|
access_key | The IAM access key associated with the IAM user created by this module. |
ec2amicreate_role_production | The IAM role that the CI user can assume in the production account to create AMIs. |
ec2amicreate_role_staging | The IAM role that the CI user can assume in the staging account to create AMIs. |
user | The IAM user created by this module. |

Running `pre-commit` requires running `terraform init` in every directory that contains Terraform code. In this repository, these are the main directory and every directory under `examples/`.

We welcome contributions! Please see CONTRIBUTING.md for details.

This project is in the worldwide public domain. This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.