UPD: added examples for iam-role module

2024-09-27 10:49:20 +08:00 · 2024-09-27 10:49:20 +08:00 · b35e7def2a
commit b35e7def2a
parent 0d9b7d704b
1 changed files with 34 additions and 0 deletions
--- a/modules/security_identity_compliance/iam-role/examples/main.tf
+++ b/modules/security_identity_compliance/iam-role/examples/main.tf
@ -0,0 +1,34 @@
+module "role1" {
+  source = ".../iam-role"
+  role-name               = "${local.resource_prefix}-${var.application}-role1"
+  description             = "IAM role for ${var.application}"
+  trusted-entity          = "ec2.amazonaws.com"
+  create-instance-profile = true
+
+  managed-policy-arns = [
+    "arn:aws:iam::aws:policy/ReadOnlyAccess"
+  ]
+}
+
+module "role2" {
+  source      = ".../iam-role"
+  role-name               = "${local.resource_prefix}-${var.application}-role2"
+  description             = "IAM role for ${var.application}"
+  trusted-entity = null
+  assume-role-policy = jsonencode(
+    {
+      "Version" : "2012-10-17",
+      "Statement" : [
+        {
+          "Effect" : "Allow",
+          "Principal" : {
+            "Service" : [
+              "ssm.amazonaws.com"
+            ]
+          },
+          "Action" : "sts:AssumeRole"
+        }
+      ]
+    }
+  )
+}