cloudtruth/terraform-cloudtruth-access

Terraform module to automate creation of a role that allows CloudTruth to access a customer's AWS resources
Grant Cloudtruth Access

Sets up an IAM role and uses it to grant CloudTruth permission to access the given resources within your AWS account.

Usage

```hcl
module "grant_cloudtruth_access" {
  source = "github.com/cloudtruth/terraform-cloudtruth-access"

  role_name        = "name-the-role-as-desired-matches-that-on-cloudtruth-integration-page"
  external_id      = "generated-external-id-from-cloudtruth-integration-page"
  services_enabled = ["s3"]
}
```

IMPORTANT: We do not pin modules to versions in our examples because of the difficulty of keeping the versions in the documentation in sync with the latest released versions. We highly recommend that you pin the version to the exact version you are using so that your infrastructure remains stable.

Requirements

| Name | Version |
|---|---|
| terraform | >= 0.12 |

Providers

| Name | Version |
|---|---|
| aws | n/a |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| account_ids | The AWS account IDs (for the CloudTruth account) that will be assuming the role | list(string) | `["609878994716"]` | no |
| external_id | The external ID required in the AssumeRole request, used to limit who can assume the role | any | n/a | yes |
| role_name | The role within your AWS account that CloudTruth will assume to perform its actions | any | n/a | yes |
| s3_policy | A custom policy to use for S3 instead of the one this module would define | string | `""` | no |
| s3_resources | The S3 resources to explicitly grant access to; defaults to all. Listing all buckets is always allowed (for the bucket chooser in the UI) even if access isn't granted here | list(string) | `["*"]` | no |
| services_enabled | The AWS services to grant CloudTruth read access to; allowed values are `s3`, `ssm`, `secretsmanager` | list(string) | n/a | yes |
| services_write_enabled | The AWS services to grant CloudTruth write access to; allowed values are `s3`, `ssm`, `secretsmanager` | list(string) | `[]` | no |
| ssm_policy | A custom policy to use for SSM instead of the one this module would define | string | `""` | no |
| ssm_resources | The SSM resources to explicitly grant access to; defaults to all. Listing all is always allowed (for the chooser in the UI) even if access isn't granted here | list(string) | `["*"]` | no |
| secretsmanager_policy | A custom policy to use for Secrets Manager instead of the one this module would define | string | `""` | no |
| secretsmanager_resources | The Secrets Manager resources to explicitly grant access to; defaults to all. Listing all is always allowed (for the chooser in the UI) even if access isn't granted here | list(string) | `["*"]` | no |
| kms_decrypt_enabled | Enable KMS decryption using the specified KMS keys; required only if SSM parameters or Secrets Manager secrets use custom KMS keys | bool | `false` | no |
| kms_encrypt_enabled | Enable KMS decryption/encryption using the specified KMS keys; required only if SSM parameters or Secrets Manager secrets use custom KMS keys | bool | `false` | no |
| kms_keys | The KMS keys to explicitly grant access to | list(string) | `[]` | no |
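The inputs above allow a much narrower grant than the minimal usage block shows. The following is an added example, not code from the module or its README, of a pinned, scoped call that uses most of them: read access to three services with write access to one, resources restricted by ARN instead of the default `"*"`, a custom SSM policy passed through `ssm_policy`, and a customer-managed KMS key. The release tag `vX.Y.Z`, the account ID, region, bucket name, key ID and ARN prefixes are all constructed placeholders; the `var.cloudtruth_external_id` variable and the exact set of SSM actions in the custom policy are assumptions, not something the module prescribes.

```hcl
# Added example (not the module's own code). Every account ID, bucket name,
# ARN, region and the vX.Y.Z ref below are constructed placeholders.

terraform {
  required_version = ">= 0.12"
}

provider "aws" {
  region = "us-east-1" # assumed region
}

locals {
  account_id = "123456789012" # constructed: substitute your own account ID
}

# Keep the external ID out of version control; pass it via a tfvars file
# or TF_VAR_cloudtruth_external_id. ("sensitive" needs Terraform >= 0.14;
# drop that line on 0.12/0.13.)
variable "cloudtruth_external_id" {
  type        = string
  description = "External ID generated on the CloudTruth integration page"
  sensitive   = true
}

# Custom SSM policy that replaces the module's default one (assumed action
# set): parameters may only be read, and only under the /prod/ path.
# DescribeParameters on "*" keeps the chooser in the UI working.
data "aws_iam_policy_document" "ssm_read_prod" {
  statement {
    sid       = "DescribeParametersForChooser"
    effect    = "Allow"
    actions   = ["ssm:DescribeParameters"]
    resources = ["*"]
  }

  statement {
    sid    = "ReadProdParameters"
    effect = "Allow"
    actions = [
      "ssm:GetParameter",
      "ssm:GetParameters",
      "ssm:GetParametersByPath",
    ]
    resources = ["arn:aws:ssm:us-east-1:${local.account_id}:parameter/prod/*"]
  }
}

module "grant_cloudtruth_access" {
  # Pin to a release tag (placeholder) as the README recommends, so a new
  # module release cannot silently change the permissions this role grants.
  source = "github.com/cloudtruth/terraform-cloudtruth-access?ref=vX.Y.Z"

  # Both values must match what the CloudTruth integration page shows.
  role_name   = "cloudtruth-access"
  external_id = var.cloudtruth_external_id

  # Read access to three services; write access to secretsmanager only.
  services_enabled       = ["s3", "ssm", "secretsmanager"]
  services_write_enabled = ["secretsmanager"]

  # Scope object access to one bucket instead of the default "*". Both the
  # bucket ARN and bucket/* are listed (assumption: object-level actions
  # are evaluated against the object ARN form).
  s3_resources = [
    "arn:aws:s3:::example-config-bucket",
    "arn:aws:s3:::example-config-bucket/*",
  ]

  # Replace the module's default SSM policy with the narrower one above.
  ssm_policy = data.aws_iam_policy_document.ssm_read_prod.json

  # Only secrets whose name starts with prod/.
  secretsmanager_resources = [
    "arn:aws:secretsmanager:us-east-1:${local.account_id}:secret:prod/*",
  ]

  # Needed only because these secrets are encrypted with a customer-managed
  # KMS key; write access to them needs encrypt as well as decrypt.
  kms_decrypt_enabled = true
  kms_encrypt_enabled = true
  kms_keys = [
    "arn:aws:kms:us-east-1:${local.account_id}:key/00000000-0000-0000-0000-000000000000",
  ]
}
```

After `terraform apply`, confirm the result with `aws iam get-role --role-name cloudtruth-access`: the trust policy should name only the `account_ids` principal and carry the `sts:ExternalId` condition, and the attached policies should reference the ARNs above rather than `"*"`. Leaving `kms_encrypt_enabled` at `false` is the right choice whenever no service has write access, since encrypt permission is then never exercised.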

Outputs

No output.
