# IAM Service-Linked Role

## Overview

This Terraform module provisions an IAM Service-Linked Role, which lets a specified AWS service act in your account on your behalf using the trust policy and permission policy that AWS defines for that service. Because AWS owns both policies, the role cannot be granted more or less than the service itself requires, which is what makes it a safe default for service integrations.
## Key Features

- Creates the service-linked IAM role for the specified AWS service (one per service per account)
- Relies on the trust and permission policies that AWS defines and maintains for the service; the module neither writes nor can alter them
- Tags the role with environment context
- Removes the need for hand-written IAM roles for tightly integrated AWS services
## Use Cases
- Enable Elastic Beanstalk, Redshift, Lex, or other services to operate securely
- Eliminate custom role management for AWS-managed services
- Maintain IAM hygiene while meeting service integration requirements
- Use in sandbox, staging, or production environments where AWS services require permissions
## Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region for deployment |
| service_name | string | Fully qualified AWS service principal for a service that supports service-linked roles (e.g., elasticbeanstalk.amazonaws.com) |
| environment | string | Environment tag (e.g., dev, staging, prod) |
## Outputs
| Name | Description |
|---|---|
| role_name | Name of the created service-linked IAM role |
| role_arn | ARN of the IAM role for service integration |
## Deployment Readiness

- Compatible with Terraform 1.0+
- Requires AWS Provider 5.x+
- The applying principal needs `iam:CreateServiceLinkedRole` (plus `iam:TagRole` for the environment tag and `iam:DeleteServiceLinkedRole` for destroy); `iam:CreateServiceLinkedRole` may be scoped with the `iam:AWSServiceName` condition key to the single service this module targets
## Example Usage

```hcl
module "iam_service_linked_role_deployment" {
  source       = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//identity/iam-service-linked-role?ref=v1.0.0"
  region       = "us-east-1"
  service_name = "elasticbeanstalk.amazonaws.com"
  environment  = "staging"
}
```

```shell
terraform init
terraform plan
terraform apply
```

or

```shell
tofu init
tofu plan
tofu apply
```
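The module source itself is part of the paid package, so, as an added illustration that is not Archiphire's code, the following standalone configuration shows what a module of this kind wraps: the AWS provider's `aws_iam_service_linked_role` resource, with the same three inputs and two outputs as the table above. The variable validation rule, the resource name `this`, and the description string are assumptions made for the example; the provider resource and its `aws_service_name`, `description`, `tags`, `name` and `arn` attributes are real.

```hcl
# Added example: equivalent standalone configuration for what an
# IAM service-linked-role module wraps. Not the module's own source;
# the validation regex, resource name and description are assumptions.

terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
}

variable "region" {
  type        = string
  description = "AWS region for deployment"
}

variable "service_name" {
  type        = string
  description = "Fully qualified AWS service principal, e.g. elasticbeanstalk.amazonaws.com"

  # Reject anything that is not a *.amazonaws.com principal at plan time.
  # IAM would refuse it at apply time anyway, but failing early is cheaper
  # and keeps a typo from half-applying a change set.
  validation {
    condition     = can(regex("^[a-z0-9.-]+\\.amazonaws\\.com$", var.service_name))
    error_message = "service_name must be a fully qualified AWS service principal such as elasticbeanstalk.amazonaws.com."
  }
}

variable "environment" {
  type        = string
  description = "Environment tag (dev, staging, prod)"
}

provider "aws" {
  region = var.region
}

# One service-linked role per service per account. The trust policy and the
# attached AWS-managed permission policy are defined by AWS and cannot be
# set here; the only caller-controlled fields are description and tags.
# Creation fails if the role already exists (a service may have created it
# on first use), in which case import it rather than re-creating it.
resource "aws_iam_service_linked_role" "this" {
  aws_service_name = var.service_name
  description      = "Service-linked role for ${var.service_name} (${var.environment})"

  tags = {
    Environment = var.environment
  }
}

output "role_name" {
  value = aws_iam_service_linked_role.this.name
}

output "role_arn" {
  value = aws_iam_service_linked_role.this.arn
}
```

If `terraform plan` reports that the role already exists, import it by ARN (`terraform import aws_iam_service_linked_role.this <role-arn>`, where the resource address is the assumed name above) so state and the account agree; do not delete and re-create it, since the service may already depend on it.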
## Cleanup

Terraform Destroy:

```shell
terraform destroy
```

or

```shell
tofu destroy
```

Manual Deletion (if allowed):

```shell
aws iam delete-service-linked-role --service-name elasticbeanstalk.amazonaws.com
```

Some service-linked roles cannot be deleted until every resource that uses them has been removed. Deletion is asynchronous: the delete call returns a deletion task ID, and the outcome (including the list of resources still using the role when it fails) is reported by `get-service-linked-role-deletion-status` for that task ID. Check that status before assuming the role is gone.
## Notes

This is a Level 1 identity module purpose-built for integrating AWS services that support service-linked roles.

AWS defines and maintains the trust and permission policies; no custom role logic is required, and none can be added. If a service has already created its service-linked role in the account, create will fail, so import the existing role into state rather than recreating it.

Suited to low-friction deployments of tightly coupled AWS services where the service, not the operator, determines the permissions.
## Deployment Package Notice
This module is part of the Level 1 AWS License Tier.
To access the full deployment package and source code, subscribe to Archiphire.