Creates an IAM role for use as a CodePipeline service role.
module "codepipeline_iam_role" {
source = "dod-iac/codepipeline-iam-role/aws"
name = format("app-%s-codepipeline-iam-role-%s", var.application, var.environment)
codebuild_projects_start = ["*"]
codecommit_repos_watch = ["*"]
s3_buckets_artifacts = ["*"]
tags = {
Application = var.application
Environment = var.environment
Automation = "Terraform"
}
}Terraform 0.13. Pin module version to ~> 1.0.0 . Submit pull-requests to main branch.
Terraform 0.11 and 0.12 are not supported.
This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.
| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | >= 3.0, < 5.0 |
| Name | Version |
|---|---|
| aws | >= 3.0, < 5.0 |
No modules.
| Name | Type |
|---|---|
| aws_iam_policy.main | resource |
| aws_iam_role.main | resource |
| aws_iam_role_policy_attachment.main | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.assume_role_policy | data source |
| aws_iam_policy_document.main | data source |
| aws_partition.current | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| assume_role_policy | The assume role policy for the AWS IAM role. If blank, allows CodePipeline to assume the role. | string |
"" |
no |
| codebuild_projects_start | The ARNs of the CodeBuild projects that the pipeline will run. Use ["*"] to allow all CodeBuild projects. | list(string) |
[] |
no |
| codecommit_repos_watch | The ARNs of the CodeCommit repos that the pipeline will watch. Use ["*"] to allow all CodeCommit repos. | list(string) |
[] |
no |
| name | The name of the AWS IAM role. | string |
n/a | yes |
| policy_description | The description of the AWS IAM policy. Defaults to "The policy for [NAME]". | string |
"" |
no |
| policy_name | The name of the AWS IAM policy. Defaults to "[NAME]-policy". | string |
"" |
no |
| s3_buckets_artifacts | The ARNs of the AWS S3 buckets that will be used by the pipeline for storing input and output artifacts. Use ["*"] to allow all S3 buckets. | list(string) |
[] |
no |
| tags | Tags applied to the AWS IAM role. | map(string) |
{} |
no |
| Name | Description |
|---|---|
| arn | The Amazon Resource Name (ARN) of the AWS IAM Role. |
| name | The name of the AWS IAM Role. |