chore: added examples for oidc with trusted roles

terraform-aws-modules · Aug 22, 2024 · a0e58a5 · a0e58a5
1 parent 810c3a8
commit a0e58a5
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 0 deletions.
diff --git a/examples/iam-assumable-role-with-oidc/README.md b/examples/iam-assumable-role-with-oidc/README.md
@@ -34,6 +34,8 @@ No providers.
 | <a name="module_iam_assumable_role_inline_policy"></a> [iam\_assumable\_role\_inline\_policy](#module\_iam\_assumable\_role\_inline\_policy) | ../../modules/iam-assumable-role-with-oidc | n/a |
 | <a name="module_iam_assumable_role_provider_trust_policy_conditions"></a> [iam\_assumable\_role\_provider\_trust\_policy\_conditions](#module\_iam\_assumable\_role\_provider\_trust\_policy\_conditions) | ../../modules/iam-assumable-role-with-oidc | n/a |
 | <a name="module_iam_assumable_role_self_assume"></a> [iam\_assumable\_role\_self\_assume](#module\_iam\_assumable\_role\_self\_assume) | ../../modules/iam-assumable-role-with-oidc | n/a |
+| <a name="module_iam_assumable_role_with_trusted_actions"></a> [iam\_assumable\_role\_with\_trusted\_actions](#module\_iam\_assumable\_role\_with\_trusted\_actions) | ../../modules/iam-assumable-role-with-oidc | n/a |
+| <a name="module_iam_assumable_role_with_trusted_roles"></a> [iam\_assumable\_role\_with\_trusted\_roles](#module\_iam\_assumable\_role\_with\_trusted\_roles) | ../../modules/iam-assumable-role-with-oidc | n/a |
 
 ## Resources
 

diff --git a/examples/iam-assumable-role-with-oidc/main.tf b/examples/iam-assumable-role-with-oidc/main.tf
@@ -120,3 +120,57 @@ module "iam_assumable_role_provider_trust_policy_conditions" {
     }
   ]
 }
+
+#####################################
+# IAM assumable role with trusted role
+#####################################
+module "iam_assumable_role_with_trusted_roles" {
+  source = "../../modules/iam-assumable-role-with-oidc"
+
+  create_role = true
+  role_name   = "role-with-trusted-roles"
+
+  tags = {
+    Role = "role-with-trusted-roles"
+  }
+
+  provider_url                   = "oidc.circleci.com/org/<CIRCLECI_ORG_UUID>"
+  oidc_fully_qualified_audiences = ["<CIRCLECI_ORG_UUID>"]
+
+  trusted_role_arns = [
+    "arn:aws:iam::307990089504:root",
+  ]
+
+  role_policy_arns = [
+    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser",
+  ]
+}
+
+#####################################
+# IAM assumable role with trusted role
+#####################################
+module "iam_assumable_role_with_trusted_actions" {
+  source = "../../modules/iam-assumable-role-with-oidc"
+
+  create_role = true
+  role_name   = "role-with-trusted-actions"
+
+  tags = {
+    Role = "role-with-trusted-actions"
+  }
+
+  provider_url                   = "oidc.circleci.com/org/<CIRCLECI_ORG_UUID>"
+  oidc_fully_qualified_audiences = ["<CIRCLECI_ORG_UUID>"]
+
+  trusted_role_arns = [
+    "arn:aws:iam::307990089504:root",
+  ]
+
+  trusted_role_actions = [
+    "sts:AssumeRole"
+  ]
+
+  role_policy_arns = [
+    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser",
+  ]
+}