feat(modules): iam-role sub-module

Author: saumitra-dev

modules/iam-role/.header.md

@@ -0,0 +1,3 @@
+# iam-role
+
+This sub-module creates IAM role and attaches appropriate IAM policies to the IAM role.

modules/iam-role/main.tf

@@ -0,0 +1,35 @@
+resource "aws_iam_role" "this" {
+  name               = var.name
+  description        = var.description
+  assume_role_policy = var.assume_role_policy
+
+  tags = var.tags
+}
+
+################################################################################
+# IAM Policy
+################################################################################
+
+resource "aws_iam_policy" "this" {
+  for_each = var.iam_policies
+
+  name        = each.value.name
+  description = each.value.description
+  policy      = jsonencode(each.value.policy)
+
+  tags = each.value.tags
+}
+
+resource "aws_iam_role_policy_attachment" "iam_policies" {
+  for_each = aws_iam_policy.this
+
+  role       = aws_iam_role.this.name
+  policy_arn = each.value.arn
+}
+
+resource "aws_iam_role_policy_attachment" "this" {
+  for_each = var.iam_policy_attachments
+
+  role       = aws_iam_role.this.name
+  policy_arn = each.value
+}

modules/iam-role/outputs.tf

@@ -0,0 +1,23 @@
+output "id" {
+  description = "Name of the role."
+  value       = aws_iam_role.this.id
+}
+
+output "arn" {
+  description = "Amazon Resource Name (ARN) specifying the role."
+  value       = aws_iam_role.this.arn
+}
+
+################################################################################
+# IAM Policy
+################################################################################
+
+output "iam_policies_ids" {
+  description = "Map of IAM Policies Identifiers."
+  value       = { for name, iam_policy in aws_iam_policy.this : name => iam_policy.id }
+}
+
+output "iam_policies_arns" {
+  description = "Map of IAM Policies ARNs."
+  value       = { for name, iam_policy in aws_iam_policy.this : name => iam_policy.arn }
+}

modules/iam-role/variables.tf

@@ -0,0 +1,63 @@
+################################################################################
+# IAM Role
+################################################################################
+
+variable "name" {
+  description = "(Required, Forces new resource) Friendly name of the role."
+  type        = string
+  nullable    = false
+}
+
+variable "description" {
+  description = "(Optional, Default:null) Description of the role."
+  type        = string
+  default     = null
+}
+
+variable "assume_role_policy" {
+  description = "(Required) Policy that grants an entity permission to assume the role."
+  type        = any
+  nullable    = false
+}
+
+variable "tags" {
+  description = "(Optional, Default:{}) Key-value mapping of tags for the IAM role."
+  type        = map(string)
+  nullable    = false
+  default     = {}
+}
+
+################################################################################
+# IAM Policy
+################################################################################
+
+variable "iam_policies" {
+  description = "(Optional, Default:{}) Map of IAM policies to create and attach to the IAM Role."
+  type = map(
+    object({
+      name        = string
+      description = optional(string, null)
+      policy = object({
+        Version = optional(string, "2012-10-17")
+        Statement = list(
+          object({
+            Sid      = optional(string)
+            Effect   = string
+            Resource = string
+            Action   = optional(list(string), [])
+          })
+        )
+      })
+      tags = optional(map(string), {})
+    })
+  )
+  nullable = false
+  default  = {}
+}
+
+variable "iam_policy_attachments" {
+  description = "(Optional, Default:{}) Map of IAM Policy ARNs to attach to the IAM Role."
+  type        = map(string)
+  nullable    = false
+  default     = {}
+}

modules/iam-role/version.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.8.4"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}