Skip to content

ministryofjustice/modernisation-platform-github-oidc-role

BranchesTags

Repository files navigation

Modernisation Platform Github Web Identity Assumable Role Module

repo standards badge

Usage

module "github-webidentity-assumable-role" {

  source = "https://github.com/ministryofjustice/modernisation-platform-github-oidc-role"

  github_repositories         = ["ministryofjustice/modernisation-platform-environments:*","ministryofjustice/modernisation-platform:*"]
  role_name                   = "modernisation-platform-github-actions"
  policy_arns                 = ["arn:aws:iam::aws:policy/AdministratorAccess"]
  policy_jsons                = [data.aws_iam_policy_document.first-policy.json, data.aws_iam_policy_document.second-policy.json]
  tags                        = local.tags

}

Looking for issues?

If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.

Requirements

Name Version
terraform ~> 1.0
aws ~> 6.0

Providers

Name Version
aws ~> 6.0

Modules

No modules.

Resources

Name Type
aws_iam_policy.additional-permissions resource
aws_iam_role.this resource
aws_iam_role_policy_attachment.additional-permissions resource
aws_iam_role_policy_attachment.policy-arns resource
aws_caller_identity.current data source
aws_iam_policy_document.combined-role-policy data source
aws_iam_policy_document.this data source

Inputs

Name Description Type Default Required
github_repositories The github repositories, for example ["ministryofjustice/modernisation-platform-environments:*"] list(string) n/a yes
max_session_duration The maximum session duration (in seconds) that you want to set for the specified role. Defaults to 3600 number 3600 no
policy_arns List of policy ARNs for the assumable role. Defaults to ["arn:aws:iam::aws:policy/ReadOnlyAccess"] list(string) 
[
  "arn:aws:iam::aws:policy/ReadOnlyAccess"
]
 no
policy_jsons List of policy jsons for the assumable role. Defaults to [] list(string) [] no
role_name Name of role string n/a yes
subject_claim Github OIDC subject claim, defaults to * string "*" no
tags Common tags to be used by all resources map(string) n/a yes

Outputs

Name Description
role IAM Role created for use by the OIDC provider
role_additional_permissions_policy Additional role policy for the role
role_trust_policy Assume role policy for the role

About

Module for creating additional roles assumable via the OIDC provider for use in Github Actions • This repository is defined and managed in Terraform

Topics

github aws actions oidc terraform-module civil-service modernisation-platform

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

2 stars

Watchers

111 watching

Forks

2 forks
Report repository

Releases 7

v4.0.0 Latest
Jul 11, 2025
+ 6 releases

Packages

 
 
 

Contributors

Languages

Generated from ministryofjustice/modernisation-platform-terraform-module-template