
Fully configurable terraform module to access AWS APIs from CircleCI through OpenID Connect.

jaconi-io/terraform-aws-circleci-oidc-provider

AWS CircleCI OIDC Provider Terraform Module

This module creates a CircleCI OIDC identity provider in your AWS account together with the associated IAM role, so that CircleCI jobs can authenticate against the AWS API by assuming that role with a short-lived OIDC token instead of long-lived access keys.


Documentation

Usage example

IMPORTANT: The master branch is used in `source` only as an example. In your code, do not pin to master, because there may be breaking changes between releases. Instead, pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our latest releases.

```hcl
module "circleci-oidc" {
  source  = "TBD"
  version = "TBD"

  create_oidc_provider = true
  create_oidc_role     = true

  circleci_org_uuid = "1a1a1a1a-2b2b-3c3c-4d4d-5e5e5e5e5e5e"
  circleci_project_uuids = [
    "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "11111111-2222-3333-4444-555555555555"
  ]

  circleci_oidc_role_attach_policies = [
    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
  ]
}
```
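To show how the four resources listed under Resources below fit together, and why the org and project UUIDs matter, here is an added illustration written for this README; it is not the module's own source. The `locals`, resource wiring and comments are my assumptions, and the claim layout (issuer `https://oidc.circleci.com/org/<org-id>`, `aud` = org id, `sub` = `org/<org-id>/project/<project-id>/user/<user-id>`) is taken from CircleCI's public OIDC documentation as I know it; check it against the current docs and the module's code before relying on it.

```hcl
# Added illustration, not the module's own code. Values reuse the usage example
# and the input defaults documented on this page.
locals {
  circleci_org_uuid      = "1a1a1a1a-2b2b-3c3c-4d4d-5e5e5e5e5e5e"
  circleci_project_uuids = ["aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"]
  issuer_host            = "oidc.circleci.com/org/${local.circleci_org_uuid}"
}

# The identity provider: AWS will only trust tokens issued by this exact issuer.
resource "aws_iam_openid_connect_provider" "circleci" {
  url             = "https://${local.issuer_host}"
  client_id_list  = [local.circleci_org_uuid] # expected aud claim
  thumbprint_list = ["9e99a48a9960b14926bb7f3b02e22da2b0ab7280"] # circleci_thumbprint default
}

# Trust policy: who may call sts:AssumeRoleWithWebIdentity on the role.
data "aws_iam_policy_document" "circleci" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.circleci.arn]
    }
    # aud must be this organisation ...
    condition {
      test     = "StringEquals"
      variable = "${local.issuer_host}:aud"
      values   = [local.circleci_org_uuid]
    }
    # ... and sub must belong to an allow-listed project. Without this
    # condition, any project in the organisation could assume the role.
    condition {
      test     = "StringLike"
      variable = "${local.issuer_host}:sub"
      values   = [for p in local.circleci_project_uuids :
        "org/${local.circleci_org_uuid}/project/${p}/user/*"]
    }
  }
}

resource "aws_iam_role" "circleci" {
  name                 = "circleci-oidc-provider-aws"
  description          = "Role assumed by the CircleCI OIDC provider."
  max_session_duration = 3600
  assume_role_policy   = data.aws_iam_policy_document.circleci.json
}

# Permissions the CI job actually gets: keep this to what the pipeline needs.
resource "aws_iam_role_policy_attachment" "attach" {
  role       = aws_iam_role.circleci.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
}
```

With an empty project list this document would emit an empty `values` list for the `sub` condition, which AWS rejects; how the module handles its `[]` default for `circleci_project_uuids` is not stated on this page.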

AWS CircleCI OIDC Provider Terraform Module

Purpose

This module creates a CircleCI OIDC provider for your AWS account, which lets CircleCI securely authenticate against the AWS API by assuming an IAM role.

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 5.20 |

Providers

| Name | Version |
|---|---|
| aws | >= 5.20 |

Modules

No modules.

Resources

| Name | Type |
|---|---|
| aws_iam_openid_connect_provider.circleci | resource |
| aws_iam_role.circleci | resource |
| aws_iam_role_policy_attachment.attach | resource |
| aws_iam_policy_document.circleci | data source |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| circleci_max_session_duration | Maximum session duration in seconds. | number | 3600 | no |
| circleci_oidc_role_attach_policies | List of IAM policies to attach to the CircleCI OIDC role. | list(string) | [] | no |
| circleci_org_uuid | The CircleCI organization UUID to be authorized to assume the role. | string | n/a | yes |
| circleci_project_uuids | List of CircleCI project UUIDs to be authorized to assume the role. | list(string) | [] | no |
| circleci_role_description | (Optional) Description of the role. | string | "Role assumed by the CircleCI OIDC provider." | no |
| circleci_role_name | Name of the CircleCI OIDC role. | string | "circleci-oidc-provider-aws" | no |
| circleci_thumbprint | CircleCI OpenID TLS certificate thumbprint. | string | "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" | no |
| tags | A mapping of tags to assign to all resources created by this module. | map(string) | {} | no |

Outputs

| Name | Description |
|---|---|
| oidc_provider_arn | OIDC provider ARN |
| oidc_role | CICD GitHub role. |

📝 Guidelines

  • 📝 Use a succinct title and description.
  • 🐛 Bugs & feature requests can be opened
  • 📶 Support questions are better asked on Stack Overflow
  • 😊 Be nice, civil and polite (as always).

License

Copyright 2024 jaconi GmbH

MIT Licensed. See LICENSE for full details.

How to Contribute

Submit a pull request

Authors

Currently maintained by jaconi-io.


Terraform Registry

TODO

Resources

TODO

Acknowledgements

This module was heavily inspired by the terraform-aws-github-oidc-provider module.
