A simple Terraform module to configure an IAM role that is assumable from another account.
module "cross-account-access" {
source = "github.com/ministryofjustice/modernisation-platform-terraform-cross-account-access"
account_id = "123456789"
policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
role_name = "CrossAccountAccess"
}
| Name | Version |
|---|---|
| terraform | >=1.0.1 |
| aws | ~> 5.0 |
| Name | Version |
|---|---|
| aws | ~> 5.0 |
No modules.
| Name | Type |
|---|---|
| aws_iam_role.default | resource |
| aws_iam_role_policy_attachment.default | resource |
| aws_iam_policy_document.assume-role-policy | data source |
| aws_iam_policy_document.combined-assume-role-policy | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| account_id | Account ID to give access to | string |
n/a | yes |
| additional_trust_roles | ARN of other roles to be passed as principals for sts:AssumeRole | list(string) |
[] |
no |
| additional_trust_statements | Json attributes of additional iam policy documents to add to the trust policy | list(string) |
[] |
no |
| policy_arn | Policy ARN for the assumable role. Defaults to arn:aws:iam::aws:policy/ReadOnlyAccess | string |
"arn:aws:iam::aws:policy/ReadOnlyAccess" |
no |
| role_name | Name of assumable role | string |
n/a | yes |
| Name | Description |
|---|---|
| role_arn | n/a |
If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.