# Per-environment settings consumed by module.deploy_roles: the AWS-managed
# policies attached to each deploy role and the role's maximum STS session
# duration (presumably seconds, as on aws_iam_role — confirm against the
# module). Each key (dev/staging/prod) becomes the role-name suffix.
locals {
  environments = {
    # NOTE(review): AdministratorAccess on a CI deploy role is far broader than a
    # deployment needs; scope it to the services the dev pipeline actually
    # touches once its resource footprint is known.
    dev = {
      policies    = ["arn:aws:iam::aws:policy/AdministratorAccess"]
      max_session = 3600
    }
    # NOTE(review): PowerUserAccess is near-admin (everything except IAM and
    # Organizations management); prefer a scoped deploy policy here too.
    staging = {
      policies    = ["arn:aws:iam::aws:policy/PowerUserAccess"]
      max_session = 7200 # longest session of the three
    }
    # NOTE(review): a read-only deploy role cannot change anything in prod;
    # confirm prod deployments really go through a different path.
    prod = {
      policies    = ["arn:aws:iam::aws:policy/ReadOnlyAccess"]
      max_session = 3600
    }
  }
}
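# Account identity used to scope the deploy roles' trust policy (see the
# Condition below) to CodePipeline executions owned by this account.
data "aws_caller_identity" "deploy_roles" {}

# One deploy role per entry in local.environments, assumable only by
# CodePipeline acting for this account. Attached policies and the maximum
# session duration come from the per-environment entry.
module "deploy_roles" {
  for_each = local.environments

  source  = "registry.patterneddesigns.ca/patterneddesigns/iam-role/aws"
  version = "2.0.0" # pinned exactly; bump deliberately after reviewing the module diff

  name = "deploy-${each.key}-role"

  # Trust policy. Trusting the bare codepipeline.amazonaws.com service
  # principal lets a pipeline in ANY AWS account have CodePipeline assume this
  # role (cross-service confused deputy). The aws:SourceAccount condition
  # restricts the trust to pipelines owned by the current account, which is
  # what AWS recommends for CodePipeline service roles. Tighten further with
  # aws:SourceArn once the pipeline ARNs are known.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "codepipeline.amazonaws.com" }
      Action    = "sts:AssumeRole"
      Condition = {
        StringEquals = {
          "aws:SourceAccount" = data.aws_caller_identity.deploy_roles.account_id
        }
      }
    }]
  })

  managed_policy_arns  = each.value.policies
  max_session_duration = each.value.max_session
}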
# Environment key -> ARN of the deploy role created for that environment,
# keyed exactly like local.environments (dev, staging, prod).
output "role_arns" {
  description = "Deploy role ARN per environment, keyed by local.environments"
  value = {
    for env, role in module.deploy_roles :
    env => role.role_arn
  }
}