-
-
Notifications
You must be signed in to change notification settings - Fork 1k
/
Copy pathvariables.tf
101 lines (85 loc) · 2.47 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
variable "create_role" {
description = "Whether to create a role"
type = bool
default = false
}
variable "provider_url" {
description = "URL of the OIDC Provider. Use provider_urls to specify several URLs."
type = string
default = ""
}
variable "provider_urls" {
description = "List of URLs of the OIDC Providers"
type = list(string)
default = []
}
variable "aws_account_id" {
description = "The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider"
type = string
default = ""
}
variable "tags" {
description = "A map of tags to add to IAM role resources"
type = map(string)
default = {}
}
variable "role_name" {
description = "IAM role name"
type = string
default = null
}
variable "role_name_prefix" {
description = "IAM role name prefix"
type = string
default = null
}
variable "role_description" {
description = "IAM Role description"
type = string
default = ""
}
variable "role_path" {
description = "Path of IAM role"
type = string
default = "/"
}
variable "role_permissions_boundary_arn" {
description = "Permissions boundary ARN to use for IAM role"
type = string
default = ""
}
variable "max_session_duration" {
description = "Maximum CLI/API session duration in seconds between 3600 and 43200"
type = number
default = 3600
}
variable "role_policy_arns" {
description = "List of ARNs of IAM policies to attach to IAM role"
type = list(string)
default = []
}
variable "number_of_role_policy_arns" {
description = "Number of IAM policies to attach to IAM role"
type = number
default = null
}
variable "oidc_fully_qualified_subjects" {
description = "The fully qualified OIDC subjects to be added to the role policy"
type = set(string)
default = []
}
variable "oidc_subjects_with_wildcards" {
description = "The OIDC subject using wildcards to be added to the role policy"
type = set(string)
default = []
}
variable "oidc_fully_qualified_audiences" {
description = "The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise."
type = set(string)
default = []
}
variable "force_detach_policies" {
description = "Whether policies should be detached from this role when destroying"
type = bool
default = false
}