terraform-aws-modules / terraform-aws-iam

Terraform module to create AWS IAM resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/iam/aws
Apache License 2.0

Ability to add trusted_role_arns for iam-role-for-service-accounts-eks module #498

Closed ukmc closed 2 weeks ago

ukmc commented 1 month ago

Is your request related to a problem? Please describe.

We have a case where we need the role created by the module to be assumed by another role. Therefore, we would like to have the ability to add a `trusted_role_arns` field, just like in the iam-assumable-role module.

Describe the solution you'd like.

Add an optional statement to main.tf that allows the ARNs the sts:AssumeRole action.

Terraform:

```hcl
  trusted_role_arns = [
    "arn:aws:iam::1111111111:role/my-role"
  ]
```

TrustPolicy:

```hcl
{
  Action    = "sts:AssumeRole"
  Effect    = "Allow"
  Principal = {
    AWS = "arn:aws:iam::1111111111:role/my-role"
  }
  Sid       = "Statement"
},
```

Describe alternatives you've considered.

We have also considered iam-assumable-role-with-oidc; however, it also does not have the trusted_role capability.
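
The request above, sketched as stand-alone Terraform (an added example, not part of the original issue and not the module's own code): an IRSA trust policy with an optional `sts:AssumeRole` statement that is emitted only when `trusted_role_arns` is set. The variable and resource names are assumptions, and the validation rule assumes the standard `aws` partition with 12-digit account IDs.

```hcl
# Added example; every variable and resource name here is hypothetical.
variable "oidc_provider_arn" { type = string } # IAM OIDC provider of the EKS cluster
variable "oidc_provider_url" { type = string } # issuer URL without https://
variable "service_account" { type = string }   # "namespace:name"
variable "trusted_role_arns" {
  type    = list(string)
  default = []
  validation { # accept only specific role ARNs: no wildcards, no account root
    condition     = alltrue([for a in var.trusted_role_arns : can(regex("^arn:aws:iam::[0-9]{12}:role/[^*]+$", a))])
    error_message = "Each entry must be the ARN of a specific IAM role."
  }
}

data "aws_iam_policy_document" "trust" {
  # IRSA statement: one service account only, with the STS audience pinned.
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [var.oidc_provider_arn]
    }
    condition {
      test     = "StringEquals"
      variable = "${var.oidc_provider_url}:sub"
      values   = ["system:serviceaccount:${var.service_account}"]
    }
    condition {
      test     = "StringEquals"
      variable = "${var.oidc_provider_url}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
  # Optional statement: rendered only when at least one trusted role is given.
  dynamic "statement" {
    for_each = length(var.trusted_role_arns) > 0 ? [1] : []
    content {
      sid     = "TrustedRoles"
      actions = ["sts:AssumeRole"]
      principals {
        type        = "AWS"
        identifiers = var.trusted_role_arns
      }
    }
  }
}

resource "aws_iam_role" "this" {
  name               = "irsa-with-trusted-roles"
  assume_role_policy = data.aws_iam_policy_document.trust.json
}
```

For cross-account use, the trusted role also needs an identity policy that allows `sts:AssumeRole` on this role.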

github-actions[bot] commented 3 weeks ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] commented 2 weeks ago

This issue was automatically closed because of stale in 10 days