terraform-aws-iam

feat: Add support for inline policy creation

Open fatmcgav opened this issue 1 year ago • 4 comments

Description

This commit adds support for creating an inline policy for an IAM role to the iam-assumable-role-with-oidc and iam-assumable-role modules.

Also updated examples for these modules.

Based on the changes from #78

Motivation and Context

Allows creation of an IAM role with an inline policy. Fixes: #463 #419 #261

Breaking Changes

None

How Has This Been Tested?

  • [x] I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • [x] I have tested and validated these changes using one or more of the provided examples/* projects
  • [x] I have executed pre-commit run -a on my pull request

fatmcgav avatar Apr 19 '24 20:04 fatmcgav

@bryantbiggs Any chance of a review on this one? 😎

fatmcgav avatar Apr 30 '24 21:04 fatmcgav

@bryantbiggs / @antonbabenko Any chance of a review on this one? 👍

fatmcgav avatar May 23 '24 08:05 fatmcgav

This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days

github-actions[bot] avatar Jun 23 '24 00:06 github-actions[bot]

bump

maor-paz-hs avatar Jul 01 '24 10:07 maor-paz-hs

why are we creating examples that look like users should be using https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/modules/iam-role-for-service-accounts-eks ?

bryantbiggs avatar Jul 02 '24 14:07 bryantbiggs

why are we creating examples that look like users should be using https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/modules/iam-role-for-service-accounts-eks ?

So for my use case, I needed to be able to add an inline policy to a role that's assumed by a 3rd party service, not by EKS...

fatmcgav avatar Jul 02 '24 14:07 fatmcgav

that doesn't really explain why the examples added are IRSA related?

bryantbiggs avatar Jul 02 '24 14:07 bryantbiggs

that doesn't really explain why the examples added are IRSA related?

Ah, ok... that was probably a poor copy'n'paste on my part... Will re-work to show a CircleCI related example...

fatmcgav avatar Jul 02 '24 16:07 fatmcgav

thank you - it doesn't have to fully function, you can make up OIDC provider details just to demonstrate the point (i.e. - we don't test whether the authentication flow between the role and the OIDC provider works correctly)

and the implementation is currently quite lacking - here is a reference that is closer to what we could support https://github.com/terraform-aws-modules/terraform-aws-eks/pull/3087

bryantbiggs avatar Jul 02 '24 16:07 bryantbiggs

and the implementation is currently quite lacking - here is a reference that is closer to what we could support terraform-aws-modules/terraform-aws-eks#3087

Nice... I'll replicate here 👍

fatmcgav avatar Jul 02 '24 16:07 fatmcgav

Right, I've pushed a couple of updates based on the changes from https://github.com/terraform-aws-modules/terraform-aws-eks/pull/3087 and also tweaked the oidc examples to reference CircleCI.

@bryantbiggs Let me know what you think 👍

fatmcgav avatar Jul 02 '24 18:07 fatmcgav

This PR is included in version 5.40.0 :tada:

antonbabenko avatar Jul 05 '24 17:07 antonbabenko

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Aug 05 '24 02:08 github-actions[bot]