| aws_account_id |
The AWS account ID where the OIDC provider lives. Leave empty to use the account of the AWS provider. |
string |
false |
|
| create_role |
Whether to create a role |
bool |
false |
|
| force_detach_policies |
Whether policies should be detached from this role when the role is destroyed |
bool |
false |
|
| max_session_duration |
Maximum CLI/API session duration in seconds. Must be between 3600 and 43200. |
number |
false |
|
| number_of_role_policy_arns |
Number of IAM policies to attach to IAM role |
number |
false |
|
| oidc_fully_qualified_audiences |
The audiences to be added to the role policy. Set to sts.amazonaws.com for a cross-account assumable role. Leave empty otherwise. |
set(string) |
false |
|
| oidc_fully_qualified_subjects |
The fully qualified OIDC subjects to be added to the role policy |
set(string) |
false |
|
| oidc_subjects_with_wildcards |
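The OIDC subjects, written with wildcards, to be added to the role policy. Each wildcard widens the set of identities that can assume the role, so keep patterns as narrow as possible. |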
set(string) |
false |
|
| provider_url |
URL of the OIDC Provider. Use provider_urls to specify several URLs. |
string |
false |
|
| provider_urls |
List of URLs of the OIDC Providers |
list(string) |
false |
|
| role_description |
IAM Role description |
string |
false |
|
| role_name |
IAM role name |
string |
false |
|
| role_name_prefix |
IAM role name prefix |
string |
false |
|
| role_path |
Path of IAM role |
string |
false |
|
| role_permissions_boundary_arn |
Permissions boundary ARN to use for IAM role |
string |
false |
|
| role_policy_arns |
List of ARNs of IAM policies to attach to IAM role |
list(string) |
false |
|
| tags |
A map of tags to add to IAM role resources |
map(string) |
false |
|
| writeConnectionSecretToRef |
The secret which the cloud resource connection will be written to |
writeConnectionSecretToRef |
false |
|