role_arn
The ARN of the IAM role.
Example Value
arn:aws:iam::123456789012:role/app-service-role
Usage
module "iam_role" {
source = "registry.patterneddesigns.ca/patterneddesigns/iam-role/aws"
version = "0.1.0"
# ... inputs
}
# Access this output
output "role_arn" {
value = module.iam_role.role_arn
}Related Outputs
Name of the IAM role. Use the name (not ARN) when: - Attaching policies via aws_iam_role_policy_attachment - Referencing in aws_iam_instance_profile - Using with AWS CLI commands Use the ARN instead when: - Configuring cross-account access - Setting up service-linked resources
Stable and unique string identifying the role. This ID remains constant even if the role is recreated with the same name. Use for: - CloudWatch log group policies scoped to specific roles - S3 bucket policies with aws:userId condition - Audit trails requiring stable identifiers
Unique identifier assigned by AWS (format: AROA...). This is the principal ID used in: - CloudTrail logs for role assumption events - S3 access logs identifying the caller - Resource policies using aws:userId conditions Unlike role_id, this is the AWS-assigned identifier that appears in audit logs and can be used to trace actions back to this role.
Timestamp when the role was created (ISO 8601 format). Useful for: - Auditing role age - Identifying stale roles for cleanup - Compliance reporting
ARN of the instance profile (if created). Only populated when create_instance_profile = true. Use this ARN when: - Launching EC2 instances with aws_instance.iam_instance_profile - Configuring Auto Scaling launch templates - Setting up ECS container instances
Name of the instance profile (if created). Only populated when create_instance_profile = true. Use the name when referencing in: - AWS CLI commands (aws ec2 associate-iam-instance-profile) - CloudFormation templates - Launch configurations
Unique identifier for the instance profile (if created). Only populated when create_instance_profile = true. Format: AIPA... (similar to role unique_id but for profiles)