assume_role_policy

Type
Default null
Module iam-role

Trust Policy Structure

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "lambda.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }]
}

Best Practices

  • Use the aws_iam_policy_document data source
  • Define specific principals
  • Avoid wildcard principals

Full Module Example

module "iam_role" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/iam-role/aws"
  version = "0.1.0"

  # assume_role_policy
  assume_role_policy = "..."

  # Other required inputs
  name = "..."
}
Other Inputs
name req description path managed_policy_arns permissions_boundary max_session_duration force_detach_policies create_instance_profile instance_profile_name tags