aws.iam-role resource

Description

Role is an IAM role: a named identity, governed by a trust policy, that principals assume to receive temporary credentials. The fields mirror the IAM CreateRole API. The role name and path fix the role's identity and ARN, so a change to either replaces the role; the trust policy, description, session limit, permissions boundary, and tags all change in place.

Source: internal/service/iam/role_rsrc.go:28

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.iam-role {
    # Set input fields here.
  }
}

Inputs

role-name                    string             required
assume-role-policy-document  string             required
path                         optional(string)
description                  optional(string)
max-session-duration         optional(integer)
permissions-boundary         optional(string)
tags                         map(string)

Input Constraints

Max session duration rules

max-session-duration must be between 3600 and 43200 seconds.

Rule logic

When: input.max-session-duration != null

Require: (input.max-session-duration == null || input.max-session-duration >= 3600)
  && (input.max-session-duration == null || input.max-session-duration <= 43200)
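
An added example, not part of the unobin library: a Python pre-deployment check that applies the max-session-duration rule above, flags trust-policy statements that allow a wildcard principal with no Condition, and classifies a change as replace or in-place as the description states. Function names, finding messages and sample inputs are hypothetical, and the wildcard-principal check goes beyond the constraints this page lists.

```python
import json

# Field names and the 3600-43200 bound come from the page; function names,
# finding messages and sample inputs are hypothetical.
REPLACE_FIELDS = {"role-name", "path"}
IN_PLACE_FIELDS = {"assume-role-policy-document", "description",
                   "max-session-duration", "permissions-boundary", "tags"}

def check_inputs(inputs):
    """Return findings for one aws.iam-role input map."""
    findings = []
    for name in ("role-name", "assume-role-policy-document"):
        if not inputs.get(name):
            findings.append(f"{name} is required")
    msd = inputs.get("max-session-duration")
    if msd is not None and not 3600 <= msd <= 43200:
        findings.append("max-session-duration must be between 3600 and 43200 seconds")
    try:
        policy = json.loads(inputs.get("assume-role-policy-document") or "{}")
        if not isinstance(policy, dict):
            raise ValueError("policy must be a JSON object")
    except ValueError:  # JSONDecodeError is a ValueError subclass
        return findings + ["assume-role-policy-document is not valid JSON"]
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM accepts a single statement object
        statements = [statements]
    for i, stmt in enumerate(statements):
        principal = stmt.get("Principal")
        values = principal.values() if isinstance(principal, dict) else [principal]
        flat = [v for item in values for v in (item if isinstance(item, list) else [item])]
        if stmt.get("Effect") == "Allow" and "*" in flat and not stmt.get("Condition"):
            findings.append(f"statement {i}: wildcard principal with no Condition")
    return findings

def plan_action(old, new):
    """Classify a change as the description states: name/path replace the role."""
    changed = {k for k in REPLACE_FIELDS | IN_PLACE_FIELDS if old.get(k) != new.get(k)}
    if changed & REPLACE_FIELDS:
        return "replace"
    return "update-in-place" if changed else "no-op"

# Constructed sample inputs (not from the page).
TRUST = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"}]})
OLD = {"role-name": "app", "path": "/", "assume-role-policy-document": TRUST,
       "max-session-duration": 3600}
if __name__ == "__main__":
    print(check_inputs({**OLD, "max-session-duration": 900}),
          plan_action(OLD, {**OLD, "path": "/svc/"}))
```
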

Outputs

arn          string
role-id      string
create-date  string