GitHub: StratusGrid/terraform-aws-iam-role-cross-account-trusting
This module creates a role that can be assumed by another principal (usually in another account, but it can also be a user or role). The principal then acts as that role, with the permissions of the attached policies.
NOTE: This is the TRUSTING side. You will still need to create a policy on the TRUSTED side that allows users in that account to assume the role.
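```hcl
module "iam_role_cross_account_trusting_admin" {
  source  = "StratusGrid/iam-role-cross-account-trusting/aws"
  version = "2.0.0"

  role_name = "cross-account-role-admin"
  # ARNs of the accounts, users, or roles that may assume this role
  principal_arns = ["arn:aws:iam::ACCOUNT_ID:root"]
  # Policies attached to the role; these are the permissions the assuming principal gets
  policy_arns = ["arn:aws:iam::aws:policy/AdministratorAccess"]
  input_tags  = merge(local.common_tags, {})
  # Set to true to require MFA from users assuming the role
  require_mfa = false
}
```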
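The TRUSTED-side policy that the note above calls for, as an added example that is not part of this module or its documentation. It is applied in the account whose users assume the role; the variable, the policy name, and the group name are assumptions, and the ARN in the comment is a placeholder.

```hcl
# Added example: apply in the TRUSTED account (the one whose users assume the role).
# All names here are assumptions for illustration, not part of the module.

variable "trusting_role_arn" {
  description = "Value of the module's role_arn output in the trusting account"
  type        = string
  # Placeholder form: "arn:aws:iam::TRUSTING_ACCOUNT_ID:role/cross-account-role-admin"
}

data "aws_iam_policy_document" "assume_cross_account_admin" {
  statement {
    sid     = "AssumeCrossAccountAdmin"
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    # Scope to the single role ARN rather than "*"
    resources = [var.trusting_role_arn]
  }
}

resource "aws_iam_policy" "assume_cross_account_admin" {
  name        = "assume-cross-account-role-admin"
  description = "Allows assuming the admin role in the trusting account"
  policy      = data.aws_iam_policy_document.assume_cross_account_admin.json
}

# Only members of this group can assume the role
resource "aws_iam_group" "cross_account_admins" {
  name = "cross-account-admins"
}

resource "aws_iam_group_policy_attachment" "cross_account_admins" {
  group      = aws_iam_group.cross_account_admins.name
  policy_arn = aws_iam_policy.assume_cross_account_admin.arn
}
```

When `principal_arns` names the account root, as in the usage above, the role's trust policy delegates the decision to the trusted account's IAM, so a policy like this one is what limits which identities there can assume the role.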
Name | Type |
---|---|
aws_iam_role.cross_account_assume_role | resource |
aws_iam_role_policy_attachment.cross_account_assume_role | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
input_tags | Map of tags to apply to resources | map(string) | {} | no |
max_session_duration | Max session duration for iam role | string | 3600 | no |
policy_arns | ARNs for policies attached to this role | list(string) | n/a | yes |
principal_arns | ARNs of accounts, users, or roles who can assume this role | list(string) | n/a | yes |
require_mfa | Boolean to determine whether the role should require users assuming it to have MFA enabled | bool | false | no |
role_name | Name for the role being created | string | n/a | yes |
Name | Description |
---|---|
role_arn | ARN of newly created role |
role_assumption_url | URL Shortcut to assume role in Console |
role_name | Name of newly created role |
Note: Manual changes to the README will be overwritten when the documentation is updated. To update the documentation, run `terraform-docs -c .config/.terraform-docs.yml .`