unfunco / terraform-aws-oidc-github

Terraform module to configure GitHub Actions as an IAM OIDC identity provider in AWS.
https://registry.terraform.io/modules/unfunco/oidc-github/aws/latest
Apache License 2.0

feat: add support for creating multiple roles #4

Closed henworth closed 2 years ago

henworth commented 2 years ago

This adds the ability to support the creation of multiple roles to this module. Due to the fact that you can only have one OIDC provider per URL, this module fails with a 409 error, like the below:

Error: error creating IAM OIDC Provider: EntityAlreadyExists: Provider
with url https://token.actions.githubusercontent.com already exists.

This feature is desired in the potential scenario where one wants to create separate plan and apply roles in the same account.

To address this, we add an input variable to control whether we create an aws_iam_openid_connect_provider resource or reference an existing one using a data source. This data source was added in the AWS provider version 4.0, so this also includes changing the provider requirements to that version.

Finally, this changes the README to include generated docs from terraform-docs as that seemed like the easiest method to update them. I hope this is acceptable.
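The create-or-reference pattern this PR describes, written out as an added illustration rather than the module's own code: the variable and role names are hypothetical, the repository filter is a placeholder, and it assumes AWS provider 4.0 or later (the requirement this PR introduces) so that the aws_iam_openid_connect_provider data source is available.

```hcl
variable "create_oidc_provider" { type = bool }         # false when the account already has one
variable "github_thumbprints" { type = list(string) }   # from GitHub's OIDC docs, supplied by caller
locals {
  github_oidc_url  = "https://token.actions.githubusercontent.com"
  allowed_subjects = ["repo:EXAMPLE-ORG/EXAMPLE-REPO:*"] # placeholder: only this repo's tokens
  role_names       = toset(["github-terraform-plan", "github-terraform-apply"]) # plan and apply roles
  oidc_provider_arn = var.create_oidc_provider ? aws_iam_openid_connect_provider.github[0].arn : data.aws_iam_openid_connect_provider.github[0].arn
}

# Only one provider per URL can exist in an account; a second create returns EntityAlreadyExists.
resource "aws_iam_openid_connect_provider" "github" {
  count           = var.create_oidc_provider ? 1 : 0
  url             = local.github_oidc_url
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = var.github_thumbprints
}

# Otherwise reference the existing provider by URL (data source available from AWS provider 4.0).
data "aws_iam_openid_connect_provider" "github" {
  count = var.create_oidc_provider ? 0 : 1
  url   = local.github_oidc_url
}

# Trust policy shared by every role: GitHub-issued token, audience pinned to STS, subject limited to the repo.
data "aws_iam_policy_document" "github_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [local.oidc_provider_arn]
    }
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }
    condition {
      test     = "StringLike"
      variable = "token.actions.githubusercontent.com:sub"
      values   = local.allowed_subjects
    }
  }
}

resource "aws_iam_role" "github" {
  for_each           = local.role_names
  name               = each.value
  assume_role_policy = data.aws_iam_policy_document.github_trust.json
}
```

A second instance of this configuration in the same account sets create_oidc_provider to false and picks up the existing provider through the data source, so both plan and apply roles trust the single provider without triggering the 409.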

unfunco commented 2 years ago

This is great, thanks again! I'll get this merged and released today.