fix: Allow customisation of trusted_role_actions in iam-assumable-role module (#76)

5bb2ab91 · Víctor M. Mesas · GitHub · 3b665db2 · 5bb2ab91 · 5bb2ab91
Commit 5bb2ab91 authored May 26, 2020 by Víctor M. Mesas Committed by GitHub May 26, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

README.md modules/iam-assumable-role/README.md +1 -0

main.tf modules/iam-assumable-role/main.tf +1 -1

variables.tf modules/iam-assumable-role/variables.tf +6 -0

No files found.
--- a/modules/iam-assumable-role/README.md
+++ b/modules/iam-assumable-role/README.md
@@ -39,6 +39,7 @@ Trusted resources can be any [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/U
 | role\_permissions\_boundary\_arn | Permissions boundary ARN to use for IAM role | `string` | `""` | no |
 | role\_requires\_mfa | Whether role requires MFA | `bool` | `true` | no |
 | tags | A map of tags to add to IAM role resources | `map(string)` | `{}` | no |
+| trusted\_role\_actions | Actions of STS | `list(string)` | <pre>[<br>  "sts:AssumeRole"<br>]</pre> | no |
 | trusted\_role\_arns | ARNs of AWS entities who can assume these roles | `list(string)` | `[]` | no |
 | trusted\_role\_services | AWS Services that can assume these roles | `list(string)` | `[]` | no |

--- a/modules/iam-assumable-role/main.tf
+++ b/modules/iam-assumable-role/main.tf
@@ -2,7 +2,7 @@ data "aws_iam_policy_document" "assume_role" {
  statement {
    effect = "Allow"
-    actions = ["sts:AssumeRole"]
+    actions = var.trusted_role_actions
    principals {
      type        = "AWS"

--- a/modules/iam-assumable-role/variables.tf
+++ b/modules/iam-assumable-role/variables.tf
+variable "trusted_role_actions" {
+  description = "Actions of STS"
+  type        = list(string)
+  default     = ["sts:AssumeRole"]
+}
 variable "trusted_role_arns" {
  description = "ARNs of AWS entities who can assume these roles"
  type        = list(string)