Skip to content
This repository has been archived by the owner on Oct 11, 2024. It is now read-only.
/ ap-terraform-control-panel-iam Public archive
generated from ministryofjustice/ap-terraform-module-template

Analytical Platform Terraform Control Panel IAM • This repository is defined and managed in Terraform

user-guide.analytical-platform.service.justice.gov.uk
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ministryofjustice/ap-terraform-control-panel-iam

BranchesTags

Repository files navigation

ap-terraform-control-panel-iam

Creates IAM for the control panel to manage AWS resources in multiple accounts.

The module requires three providers:

  • The account that hosts the cluster the control panel is installed on
  • The data account
  • The account that hosts the cluster the applications are on

These may all the same, all different or any combination in between.

It assumes that a trust relationship between the cluster OIDC provider and other accounts already exists.

Requirements

Name Version
terraform >= 1.2.2
aws >= 3.71.0

Providers

Name Version
aws >= 3.71.0
aws.apps_account >= 3.71.0
aws.control_panel_account >= 3.71.0
aws.data_account >= 3.71.0

Modules

Name Source Version
app_account_role github.com/ministryofjustice/ap-terraform-iam-roles.git//assumable-role-federated-user v1.4.1
control_panel_role github.com/ministryofjustice/ap-terraform-iam-roles.git//eks-role v1.4.1
data_account_role github.com/ministryofjustice/ap-terraform-iam-roles.git//assumable-role-federated-user v1.4.1

Resources

Name Type
aws_iam_policy.allow_sts_policy resource
aws_iam_policy.manage_apps resource
aws_iam_policy.manage_data_account resource
aws_caller_identity.apps_account data source
aws_caller_identity.data_account data source
aws_iam_policy_document.allow_sts_policy data source
aws_iam_policy_document.manage_apps data source
aws_iam_policy_document.manage_data_account data source
aws_region.apps_account data source

Inputs

Name Description Type Default Required
control_panel_service_account The service account for the control panel string n/a yes
provider_url URL of the cluster OIDC Provider string n/a yes
resource_prefix The prefix for the resources this control panel IAM can manage string n/a yes
tags A map of tags to add to IAM role resources map(string) {} no

Outputs

Name Description
app_account_role_arn The ARN of the role for managing application account resources
control_panel_role_arn The ARN of the role that identifies the control panel
data_account_role_arn The ARN of the role for managing data account resources

About

Analytical Platform Terraform Control Panel IAM • This repository is defined and managed in Terraform

user-guide.analytical-platform.service.justice.gov.uk

Topics

analytical-platform ministryofjustice

Resources

Readme

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

8 watching

Forks

0 forks
Report repository

Releases 9

v2.0.5 Latest
Apr 5, 2023
+ 8 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages