IAM Role Basic
Overview
This Terraform module provisions a basic AWS IAM role with a user-defined trust policy that decides which AWS services, workloads, or external accounts may assume it.
It is intended for delegating permissions between AWS services, workloads, or accounts; the trust policy is the security boundary, so scope it to the exact principal (and, where possible, the exact source resource or external ID) that needs the role.
Key Features
- Creates an IAM role with a customizable trust policy
- Supports assumption by services like EC2, Lambda, ECS, or external accounts
- Adds environment-based tags for organization and visibility
- Designed to be paired with permission policies for modular role design
Use Cases
- Granting ECS tasks or Lambda functions the ability to access AWS services
- Delegating cross-account access with trust relationships scoped to a named account and, for third parties, an sts:ExternalId condition
- Separating permissions across the layers of an application by giving each layer its own narrowly trusted role
- Creating scoped identity roles for CI/CD or automation pipelines
Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region where the IAM role will be created |
| role_name | string | Name to assign to the IAM role |
| assume_role_policy | string | Valid JSON string defining the trust relationship policy (the role's AssumeRolePolicyDocument); it controls who can assume the role, not what the role can do |
| environment | string | Tag to specify the deployment environment (e.g., dev, staging, prod) |
Outputs
| Name | Description |
|---|---|
| role_name | The name of the created IAM role |
| role_arn | The ARN of the IAM role |
Deployment Readiness
- Compatible with Terraform 1.0+
- Tested with AWS provider 5.x
- Requires IAM permissions to create, read, tag, update, and delete roles (for example iam:CreateRole, iam:GetRole, iam:TagRole, iam:UpdateAssumeRolePolicy, iam:DeleteRole)
Example Usage

```hcl
module "iam-role-basic-deployment" {
  source = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//identity/iam-role-basic?ref=v1.0.0"

  region    = "us-east-1"
  role_name = "ecsTaskExecutionRole"

  # file() resolves relative to the working directory Terraform is run from;
  # use "${path.module}/policies/ecs-trust-policy.json" if the caller may be
  # invoked from elsewhere.
  assume_role_policy = file("policies/ecs-trust-policy.json")

  environment = "staging"
}
```

Pin `ref` to a tag or commit, as above, so a supply-chain change in the module repository cannot silently alter the trust policy you deploy. Then run:

```sh
terraform init
terraform plan
terraform apply
```

or

```sh
tofu init
tofu plan
tofu apply
```
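The `assume_role_policy` JSON is where the security of this role is decided, and the module accepts any valid JSON string. The following is an added example (not code from the iam-role-basic module) of a small check to run over a trust-policy file such as `policies/ecs-trust-policy.json` before feeding it to the module. It flags a service principal (for example `ecs-tasks.amazonaws.com`) that has no `aws:SourceAccount` or `aws:SourceArn` condition, which would let a resource in any AWS customer's account use that service to assume the role (the confused-deputy problem), and a principal from another account that has no `sts:ExternalId` condition. The account IDs, ARNs, and external ID in the sample policies are constructed placeholders.

```python
"""Lint an IAM trust policy before passing it as assume_role_policy.

Added example, not code from the iam-role-basic module. Flags:
  * a service principal with no aws:SourceAccount / aws:SourceArn
    condition (confused deputy via another customer's resource);
  * a principal in another account with no sts:ExternalId condition.
Account IDs, ARNs and the external ID below are constructed placeholders.
"""
import json

# Actions that grant role assumption; "*" and "sts:*" cover it too.
ASSUME_ACTIONS = {"sts:AssumeRole", "sts:*", "*"}
OWN_ACCOUNT = "111122223333"  # placeholder for the account that owns the role


def _as_list(value):
    """IAM accepts a scalar or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _condition_keys(statement):
    """Return every condition key used in the statement, lower-cased."""
    keys = set()
    for operator_block in statement.get("Condition", {}).values():
        keys.update(k.lower() for k in operator_block)
    return keys


def _account_of(principal):
    """12-digit account ID from a bare ID or an arn:aws:iam::ACCOUNT:... ARN."""
    if principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 5 else ""


def lint_trust_policy(policy_json, own_account_id=OWN_ACCOUNT):
    """Return a list of finding strings; an empty list means nothing flagged."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not ASSUME_ACTIONS & set(_as_list(stmt.get("Action"))):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append(f"Statement {idx}: anyone may assume this role (Principal \"*\")")
            continue
        keys = _condition_keys(stmt)
        for service in _as_list(principal.get("Service")):
            if not keys & {"aws:sourceaccount", "aws:sourcearn"}:
                findings.append(f"Statement {idx}: service principal {service} "
                                "lacks aws:SourceAccount/aws:SourceArn (confused deputy)")
        for aws_principal in _as_list(principal.get("AWS")):
            if aws_principal == "*":
                findings.append(f"Statement {idx}: any AWS account may assume this role")
            elif (_account_of(aws_principal) != own_account_id
                  and "sts:externalid" not in keys):
                findings.append(f"Statement {idx}: cross-account principal {aws_principal} "
                                "lacks an sts:ExternalId condition")
    return findings


# Constructed sample trust policies (what policies/ecs-trust-policy.json might hold).
ECS_TRUST_WEAK = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ecs-tasks.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
})

ECS_TRUST_HARDENED = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ecs-tasks.amazonaws.com"},
                   "Action": "sts:AssumeRole",
                   "Condition": {
                       "StringEquals": {"aws:SourceAccount": OWN_ACCOUNT},
                       "ArnLike": {"aws:SourceArn": f"arn:aws:ecs:us-east-1:{OWN_ACCOUNT}:*"},
                   }}],
})

CROSS_ACCOUNT_TRUST = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
                   "Action": "sts:AssumeRole",
                   "Condition": {"StringEquals": {"sts:ExternalId": "ci-pipeline-7f3a"}}}],
})

if __name__ == "__main__":
    for name, doc in [("ecs weak", ECS_TRUST_WEAK), ("ecs hardened", ECS_TRUST_HARDENED),
                      ("cross-account", CROSS_ACCOUNT_TRUST)]:
        print(name, "->", lint_trust_policy(doc) or "ok")
```

Run it against the real file with `lint_trust_policy(open("policies/ecs-trust-policy.json").read(), "<your account id>")`; the hardened ECS policy is the shape AWS recommends for `ecs-tasks.amazonaws.com`, and the same `aws:SourceAccount`/`aws:SourceArn` pattern applies to Lambda and EC2 principals. Principals in your own account are deliberately exempt from the external-ID check, since `sts:ExternalId` is a third-party control.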
Cleanup Options
Terraform Destroy (for test environments):

```sh
terraform destroy
```

or

```sh
tofu destroy
```

Manual Deletion (for production systems):

```sh
aws iam delete-role --role-name ecsTaskExecutionRole
```

`delete-role` fails while the role still has attached managed policies, inline policies, or instance profile memberships, so detach those first (`aws iam list-attached-role-policies` / `detach-role-policy`, `list-role-policies` / `delete-role-policy`, and `remove-role-from-instance-profile`). Deleting the role outside Terraform leaves it in the state file; remove it with `terraform state rm` (or `tofu state rm`) so the next plan does not try to recreate it.
Notes
This is a Level 1 identity module for base IAM role provisioning: it creates the role and its trust policy only and grants no permissions. To grant permissions to this role, pair it with one of:
- iam-policy-inline
- iam-policy-managed
- iam-role-policy-attachment
Deployment Package Notice
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.