Merge pull request #8 from Flaconi/OPS-4290-instance-profiles
Ops 4290 instance profiles
ronny-panknin-flaconi authored Mar 30, 2021
2 parents 067a0dd + 3c20ce8 commit a1a5f69
Showing 9 changed files with 46 additions and 4 deletions.
7 changes: 7 additions & 0 deletions README.md
Expand Up @@ -159,6 +159,7 @@ users = [
roles = [
{
name = "ROLE-ADMIN"
instance_profile = null
path = ""
desc = ""
trust_policy_file = "trust-policies/admin.json"
Expand All @@ -171,6 +172,7 @@ roles = [
},
{
name = "ROLE-DEV"
instance_profile = null
path = ""
desc = ""
trust_policy_file = "trust-policies/dev.json"
Expand Down Expand Up @@ -297,6 +299,7 @@ module "iam_roles" {
roles = [
{
name = "ROLE-ADMIN"
instance_profile = null
path = ""
desc = ""
trust_policy_file = "trust-policies/admin.json"
Expand All @@ -309,6 +312,7 @@ module "iam_roles" {
},
{
name = "ROLE-DEV"
instance_profile = null
path = ""
desc = ""
trust_policy_file = "trust-policies/dev.json"
Expand Down Expand Up @@ -437,6 +441,7 @@ inputs = {
roles = [
{
name = "ROLE-ADMIN"
instance_profile = null
path = ""
desc = ""
trust_policy_file = "trust-policies/admin.json"
Expand All @@ -449,6 +454,7 @@ inputs = {
},
{
name = "ROLE-DEV"
instance_profile = null
path = ""
desc = ""
trust_policy_file = "trust-policies/dev.json"
Expand Down Expand Up @@ -649,6 +655,7 @@ Type:
```hcl
list(object({
name = string # Name of the role
instance_profile = string # Name of the instance profile
path = string # Defaults to 'var.role_path' if variable is set to null
desc = string # Defaults to 'var.role_desc' if variable is set to null
trust_policy_file = string # Path to file of trust/assume policy
2 changes: 1 addition & 1 deletion examples/groups-users-and-policies/README.md
Expand Up @@ -36,7 +36,7 @@ No provider.
| policies | A list of dictionaries defining all policies. | <pre>list(object({<br> name = string # Name of the policy<br> path = string # Defaults to 'var.policy_path' if variable is set to null<br> desc = string # Defaults to 'var.policy_desc' if variable is set to null<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key: val, ...}<br> }))</pre> | `[]` | no |
| groups | A list of dictionaries defining all groups. | <pre>list(object({<br> name = string # Name of the group<br> path = string # Defaults to 'var.group_path' if variable is set to null<br> policies = list(string) # List of names of policies (must be defined in var.policies)<br> policy_arns = list(string) # List of existing policy ARN's<br> inline_policies = list(object({<br> name = string # Name of the inline policy<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key = val, ...}<br> }))<br> }))</pre> | `[]` | no |
| users | A list of dictionaries defining all users. | <pre>list(object({<br> name = string # Name of the user<br> path = string # Defaults to 'var.user_path' if variable is set to null<br> groups = list(string) # List of group names to add this user to<br> access_keys = list(object({<br> name = string # IaC identifier for first or second IAM access key (not used on AWS)<br> pgp_key = string # Leave empty for non or provide a b64-enc pubkey or keybase username<br> status = string # 'Active' or 'Inactive'<br> }))<br> permissions_boundary = string # ARN to a policy used as permissions boundary (or null/empty)<br> policies = list(string) # List of names of policies (must be defined in var.policies)<br> policy_arns = list(string) # List of existing policy ARN's<br> inline_policies = list(object({<br> name = string # Name of the inline policy<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key = val, ...}<br> }))<br> }))</pre> | `[]` | no |
| roles | A list of dictionaries defining all roles. | <pre>list(object({<br> name = string # Name of the role<br> path = string # Defaults to 'var.role_path' if variable is set to null<br> desc = string # Defaults to 'var.role_desc' if variable is set to null<br> trust_policy_file = string # Path to file of trust/assume policy<br> permissions_boundary = string # ARN to a policy used as permissions boundary (or null/empty)<br> policies = list(string) # List of names of policies (must be defined in var.policies)<br> policy_arns = list(string) # List of existing policy ARN's<br> inline_policies = list(object({<br> name = string # Name of the inline policy<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key = val, ...}<br> }))<br> }))</pre> | `[]` | no |
| roles | A list of dictionaries defining all roles. | <pre>list(object({<br> name = string # Name of the role<br> instance_profile = string # Name of the instance profile<br> path = string # Defaults to 'var.role_path' if variable is set to null<br> desc = string # Defaults to 'var.role_desc' if variable is set to null<br> trust_policy_file = string # Path to file of trust/assume policy<br> permissions_boundary = string # ARN to a policy used as permissions boundary (or null/empty)<br> policies = list(string) # List of names of policies (must be defined in var.policies)<br> policy_arns = list(string) # List of existing policy ARN's<br> inline_policies = list(object({<br> name = string # Name of the inline policy<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key = val, ...}<br> }))<br> }))</pre> | `[]` | no |
| policy\_path | The default path under which to create the policy if not specified in the policies list. You can use a single path, or nest multiple paths as if they were a folder structure. For example, you could use the nested path /division\_abc/subdivision\_xyz/product\_1234/engineering/ to match your company's organizational structure. | `string` | `"/"` | no |
| policy\_desc | The default description of the policy. | `string` | `"Managed by Terraform"` | no |
| group\_path | The path under which to create the group. You can use a single path, or nest multiple paths as if they were a folder structure. For example, you could use the nested path /division\_abc/subdivision\_xyz/product\_1234/engineering/ to match your company's organizational structure. | `string` | `"/"` | no |
2 changes: 1 addition & 1 deletion examples/policies-with-custom-data-sources/README.md
Expand Up @@ -193,7 +193,7 @@ No requirements.
| policies | A list of dictionaries defining all policies. | <pre>list(object({<br> name = string # Name of the policy<br> path = string # Defaults to 'var.policy_path' if variable is set to null<br> desc = string # Defaults to 'var.policy_desc' if variable is set to null<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key: val, ...}<br> }))</pre> | `[]` | no |
| groups | A list of dictionaries defining all groups. | <pre>list(object({<br> name = string # Name of the group<br> path = string # Defaults to 'var.group_path' if variable is set to null<br> policies = list(string) # List of names of policies (must be defined in var.policies)<br> policy_arns = list(string) # List of existing policy ARN's<br> inline_policies = list(object({<br> name = string # Name of the inline policy<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key = val, ...}<br> }))<br> }))</pre> | `[]` | no |
| users | A list of dictionaries defining all users. | <pre>list(object({<br> name = string # Name of the user<br> path = string # Defaults to 'var.user_path' if variable is set to null<br> groups = list(string) # List of group names to add this user to<br> access_keys = list(object({<br> name = string # IaC identifier for first or second IAM access key (not used on AWS)<br> pgp_key = string # Leave empty for non or provide a b64-enc pubkey or keybase username<br> status = string # 'Active' or 'Inactive'<br> }))<br> permissions_boundary = string # ARN to a policy used as permissions boundary (or null/empty)<br> policies = list(string) # List of names of policies (must be defined in var.policies)<br> policy_arns = list(string) # List of existing policy ARN's<br> inline_policies = list(object({<br> name = string # Name of the inline policy<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key = val, ...}<br> }))<br> }))</pre> | `[]` | no |
| roles | A list of dictionaries defining all roles. | <pre>list(object({<br> name = string # Name of the role<br> path = string # Defaults to 'var.role_path' if variable is set to null<br> desc = string # Defaults to 'var.role_desc' if variable is set to null<br> trust_policy_file = string # Path to file of trust/assume policy<br> permissions_boundary = string # ARN to a policy used as permissions boundary (or null/empty)<br> policies = list(string) # List of names of policies (must be defined in var.policies)<br> policy_arns = list(string) # List of existing policy ARN's<br> inline_policies = list(object({<br> name = string # Name of the inline policy<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key = val, ...}<br> }))<br> }))</pre> | `[]` | no |
| roles | A list of dictionaries defining all roles. | <pre>list(object({<br> name = string # Name of the role<br> instance_profile = string # Name of the instance profile<br> path = string # Defaults to 'var.role_path' if variable is set to null<br> desc = string # Defaults to 'var.role_desc' if variable is set to null<br> trust_policy_file = string # Path to file of trust/assume policy<br> permissions_boundary = string # ARN to a policy used as permissions boundary (or null/empty)<br> policies = list(string) # List of names of policies (must be defined in var.policies)<br> policy_arns = list(string) # List of existing policy ARN's<br> inline_policies = list(object({<br> name = string # Name of the inline policy<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key = val, ...}<br> }))<br> }))</pre> | `[]` | no |
| policy\_path | The default path under which to create the policy if not specified in the policies list. You can use a single path, or nest multiple paths as if they were a folder structure. For example, you could use the nested path /division\_abc/subdivision\_xyz/product\_1234/engineering/ to match your company's organizational structure. | `string` | `"/"` | no |
| policy\_desc | The default description of the policy. | `string` | `"Managed by Terraform"` | no |
| group\_path | The path under which to create the group. You can use a single path, or nest multiple paths as if they were a folder structure. For example, you could use the nested path /division\_abc/subdivision\_xyz/product\_1234/engineering/ to match your company's organizational structure. | `string` | `"/"` | no |
3 changes: 2 additions & 1 deletion examples/roles/README.md
Expand Up @@ -25,6 +25,7 @@ The following defined role has administrator access on the provisioned AWS accou
roles = [
{
name = "ROLE-ADMIN"
instance_profile = null
path = null
desc = null
trust_policy_file = "data/trust-policies/admin.json"
Expand Down Expand Up @@ -85,7 +86,7 @@ No provider.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| policies | A list of dictionaries defining all policies. | <pre>list(object({<br> name = string # Name of the policy<br> path = string # Defaults to 'var.policy_path' if variable is set to null<br> desc = string # Defaults to 'var.policy_desc' if variable is set to null<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key: val, ...}<br> }))</pre> | `[]` | no |
| roles | A list of dictionaries defining all roles. | <pre>list(object({<br> name = string # Name of the role<br> path = string # Defaults to 'var.role_path' if variable is set to null<br> desc = string # Defaults to 'var.role_desc' if variable is set to null<br> trust_policy_file = string # Path to file of trust/assume policy<br> permissions_boundary = string # ARN to a policy used as permissions boundary (or null/empty)<br> policies = list(string) # List of names of policies (must be defined in var.policies)<br> policy_arns = list(string) # List of existing policy ARN's<br> inline_policies = list(object({<br> name = string # Name of the inline policy<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key = val, ...}<br> }))<br> }))</pre> | `[]` | no |
| roles | A list of dictionaries defining all roles. | <pre>list(object({<br> name = string # Name of the role<br> instance_profile = string # Name of the instance profile (attach the role to an instance profile)<br> path = string # Defaults to 'var.role_path' if variable is set to null<br> desc = string # Defaults to 'var.role_desc' if variable is set to null<br> trust_policy_file = string # Path to file of trust/assume policy<br> permissions_boundary = string # ARN to a policy used as permissions boundary (or null/empty)<br> policies = list(string) # List of names of policies (must be defined in var.policies)<br> policy_arns = list(string) # List of existing policy ARN's<br> inline_policies = list(object({<br> name = string # Name of the inline policy<br> file = string # Path to json or json.tmpl file of policy<br> vars = map(string) # Policy template variables {key = val, ...}<br> }))<br> }))</pre> | `[]` | no |

## Outputs

14 changes: 14 additions & 0 deletions examples/roles/terraform.tfvars
Expand Up @@ -11,6 +11,7 @@ policies = [
roles = [
{
name = "ROLE-CUSTOM-POLICY"
instance_profile = null
path = null
desc = null
trust_policy_file = "data/trust-policy-file.json"
Expand All @@ -21,6 +22,7 @@ roles = [
},
{
name = "ROLE-POLICY-ARN"
instance_profile = null
path = null
desc = null
trust_policy_file = "data/trust-policy-file.json"
Expand All @@ -31,6 +33,7 @@ roles = [
},
{
name = "ROLE-INLINE-POLICY"
instance_profile = null
path = null
desc = null
trust_policy_file = "data/trust-policy-file.json"
Expand Down Expand Up @@ -83,4 +86,15 @@ roles = [
policy_arns = ["arn:aws:iam::aws:policy/AdministratorAccess"]
inline_policies = []
},
{
name = "ROLE-ATTACHED-TO-AN-INSTANCE-PROFILE"
instance_profile = "MY-INSTANCE-PROFILE-1"
path = null
desc = null
trust_policy_file = "data/trust-policy-file.json"
permissions_boundary = null
policies = []
policy_arns = ["arn:aws:iam::aws:policy/PowerUserAccess"]
inline_policies = []
},
]
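Review bot: The new `ROLE-ATTACHED-TO-AN-INSTANCE-PROFILE` entry attaches the AWS-managed `PowerUserAccess` policy to a role destined for an instance profile while reusing the same `data/trust-policy-file.json` as the non-instance roles above it. A role used through an instance profile has to be assumable by the EC2 service principal, and that file's contents are not visible in this commit — if it trusts something else, the example provisions a profile whose role EC2 cannot assume, so a dedicated trust policy file for this entry (e.g. `trust_policy_file = "data/trust-policy-ec2.json"`, name constructed) would make the requirement explicit. A narrower policy than `PowerUserAccess`, or a non-null `permissions_boundary`, would also be the better pattern to showcase for credentials that end up on an instance. The enclosing `roles` list starts outside the hunk.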
1 change: 1 addition & 0 deletions examples/roles/variables.tf
Expand Up @@ -14,6 +14,7 @@ variable "roles" {
description = "A list of dictionaries defining all roles."
type = list(object({
name = string # Name of the role
instance_profile = string # Name of the instance profile (attach the role to an instance profile)
path = string # Defaults to 'var.role_path' if variable is set to null
desc = string # Defaults to 'var.role_desc' if variable is set to null
trust_policy_file = string # Path to file of trust/assume policy
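Review bot: The new `instance_profile` attribute is added as a plain `string` member of the object type, so every `roles` entry must now carry the key — the commit itself adds `instance_profile = null` to each existing example, which shows this is a breaking change for current callers of the module, yet neither the attribute comment nor the variable description says so or states what `null` means. Suggest `instance_profile = string # Name of the instance profile to attach the role to; null = no instance profile (key is required, set it explicitly)` and a sentence in the description noting the newly required key. Whether `null` is actually honoured by the module's resources is not visible in this commit and is worth confirming against the module code. The `variable "roles"` block starts and ends outside the hunk.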