This Terraform sub-module manages the account-wide IAM roles and their associated policies. These roles are required when creating the necessary AWS resources for ROSA Classic cluster deployment.
These IAM resources can be created once and used across multiple ROSA Classic cluster creations.
For more information, see About IAM resources for ROSA clusters that use STS in the ROSA documentation.
module "account_iam_resources" {
source = "terraform-redhat/rosa-classic/rhcs//modules/account-iam-resources"
account_role_prefix = "my-cluster-account"
openshift_version = "4.14.24"
}
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 4.0 |
| null | >= 3.0.0 |
| random | >= 2.0 |
| rhcs | >= 1.6.2 |
| time | >= 0.9 |
| Name | Version |
|---|---|
| aws | >= 4.0 |
| null | >= 3.0.0 |
| random | >= 2.0 |
| rhcs | >= 1.6.2 |
| time | >= 0.9 |
| Name | Source | Version |
|---|---|---|
| account_iam_policy | terraform-aws-modules/iam/aws//modules/iam-policy | >=5.34.0 |
| account_iam_role | terraform-aws-modules/iam/aws//modules/iam-assumable-role | >=5.34.0 |
| Name | Type |
|---|---|
| aws_iam_role_policy_attachment.role_policy_attachment | resource |
| null_resource.validate_openshift_version | resource |
| random_string.default_random | resource |
| time_sleep.account_iam_resources_wait | resource |
| aws_iam_policy_document.custom_trust_policy | data source |
| aws_partition.current | data source |
| rhcs_info.current | data source |
| rhcs_policies.all_policies | data source |
| rhcs_versions.all_versions | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| account_role_prefix | User-defined prefix for all generated AWS resources (default "account-role-") | string |
null |
no |
| openshift_version | The Openshift cluster version of the cluster those account roles are used for. | string |
n/a | yes |
| path | The ARN path for the account/operator roles as well as their policies. | string |
"/" |
no |
| permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the IAM roles in STS clusters. | string |
"" |
no |
| tags | List of AWS resource tags to apply. | map(string) |
null |
no |
| Name | Description |
|---|---|
| account_role_prefix | The prefix used for all generated AWS resources. |
| account_roles_arn | A map of Amazon Resource Names (ARNs) associated with the AWS IAM roles created. The key in the map represents the name of an AWS IAM role, while the corresponding value represents the associated Amazon Resource Name (ARN) of that role. |
| openshift_version | The Openshift cluster version of the cluster those account roles are used for. |
| path | The arn path for the account/operator roles as well as their policies. |