saidsef / terraform-aws-terraform-cloud-oidc
Terraform Cloud Dynamic Credentials module as an IAM OIDC identity provider in AWS
License: Apache License 2.0
Terraform Cloud allows you to specify TFC_AWS_PLAN_ROLE_ARN and TFC_AWS_APPLY_ROLE_ARN to use different IAM roles for different stages.
I thought of using the module to create two definitions:
```hcl
#
# Define OIDC provider for TFC and ReadOnly IAM role
#
module "tfc_oidc_provider_and_readonly_role" {
  source  = "saidsef/terraform-cloud-oidc/aws"
  version = "1.7.3"

  attach_admin_policy           = false
  attach_read_only_policy       = true
  create_oidc_provider          = true
  enabled                       = true
  force_detach_policies         = false
  organisation                  = var.tfc_organization_name
  projects                      = local.tfc_projects
  iam_role_name                 = "terraform-cloud-readonly-iam-role-${local.account_id}"
  iam_role_path                 = "/"
  iam_role_permissions_boundary = ""
  iam_role_policy_arns          = []
  max_session_duration          = 3600
  tags                          = local.tags
  url                           = var.tfc_hostname
}

#
# Define IAM role with admin permissions for existing OIDC provider
#
module "tfc_oidc_provider_admin_role" {
  source  = "saidsef/terraform-cloud-oidc/aws"
  version = "1.7.3"

  depends_on = [
    module.tfc_oidc_provider_and_readonly_role
  ]

  attach_admin_policy           = true
  attach_read_only_policy       = false
  create_oidc_provider          = false
  enabled                       = true
  force_detach_policies         = false
  organisation                  = var.tfc_organization_name
  projects                      = local.tfc_projects
  iam_role_name                 = "terraform-cloud-admin-iam-role-${local.account_id}"
  iam_role_path                 = "/"
  iam_role_permissions_boundary = ""
  iam_role_policy_arns          = []
  max_session_duration          = 3600
  tags                          = local.tags
  url                           = var.tfc_hostname
}
```
However, when I run the `plan` command I receive the following error:
```
╷
│ Error: Invalid index
│
│   on .terraform/modules/tfc_oidc_provider_admin_role/current.tf line 22, in data "aws_iam_policy_document" "assume_role":
│   22:   values = [format("%s", one(aws_iam_openid_connect_provider.provider[0].client_id_list))]
│     ├────────────────
│     │ aws_iam_openid_connect_provider.provider is empty tuple
│
│ The given key does not identify an element in this collection value: the collection has no elements.
╵
```
I suppose a module parameter could be added that contains a reference to the previously defined OIDC provider.
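As an added example, and not code from the saidsef module or from the issue above: one way to reuse an OIDC provider that already exists in the account is to look it up with the AWS provider's `aws_iam_openid_connect_provider` data source and write the trust policies directly, instead of asking the module to create the provider a second time. It generalises the two-module layout above into one role per run phase, keyed on the `run_phase` segment of the Terraform Cloud `sub` claim, which is what makes TFC_AWS_PLAN_ROLE_ARN and TFC_AWS_APPLY_ROLE_ARN actually enforce read-only plans and scoped applies. The hostname `app.terraform.io`, the organisation, project and workspace names, the role names and the `apply_policy_arn` variable are assumed placeholders.

```hcl
# Added example (not the saidsef module's code). Reuses an existing OIDC
# provider and builds plan/apply trust policies by hand.
# Assumed placeholders: app.terraform.io, "my-org", "my-project",
# "my-workspace", the role names and var.apply_policy_arn.

locals {
  tfc_hostname = "app.terraform.io"
  tfc_org      = "my-org"
  tfc_project  = "my-project"
  tfc_ws       = "my-workspace"
}

# Look the provider up instead of creating it. If it is missing this fails
# with a clear "not found" at plan time rather than an empty-tuple index error.
data "aws_iam_openid_connect_provider" "tfc" {
  url = "https://${local.tfc_hostname}"
}

# One trust policy per run phase. Both pin the audience (aud) to the client
# IDs registered on the provider and the subject (sub) to a single workspace.
data "aws_iam_policy_document" "assume_role" {
  for_each = toset(["plan", "apply"])

  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [data.aws_iam_openid_connect_provider.tfc.arn]
    }

    condition {
      test     = "StringEquals"
      variable = "${local.tfc_hostname}:aud"
      values   = data.aws_iam_openid_connect_provider.tfc.client_id_list
    }

    # Exact match, no wildcards: a token minted for another workspace, or for
    # a plan run, cannot assume the apply role.
    condition {
      test     = "StringEquals"
      variable = "${local.tfc_hostname}:sub"
      values   = ["organization:${local.tfc_org}:project:${local.tfc_project}:workspace:${local.tfc_ws}:run_phase:${each.key}"]
    }
  }
}

resource "aws_iam_role" "tfc" {
  for_each             = data.aws_iam_policy_document.assume_role
  name                 = "terraform-cloud-${each.key}-iam-role"
  assume_role_policy   = each.value.json
  max_session_duration = 3600
}

# Plan runs only need to read state of existing resources.
resource "aws_iam_role_policy_attachment" "plan_readonly" {
  role       = aws_iam_role.tfc["plan"].name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

# Apply runs get a deploy policy scoped by the caller (assumed variable).
variable "apply_policy_arn" {
  type = string
}

resource "aws_iam_role_policy_attachment" "apply" {
  role       = aws_iam_role.tfc["apply"].name
  policy_arn = var.apply_policy_arn
}

# Set these as workspace variables in TFC together with TFC_AWS_PROVIDER_AUTH=true.
output "tfc_aws_plan_role_arn" {
  value = aws_iam_role.tfc["plan"].arn
}

output "tfc_aws_apply_role_arn" {
  value = aws_iam_role.tfc["apply"].arn
}
```

The check a practitioner wants before trusting this is on the `sub` condition: `StringEquals` with a fully qualified `organization:...:run_phase:...` value. A `StringLike` with a wildcard in the workspace or run-phase position would let any workspace in the organisation, or a plan run, obtain the apply role's credentials.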
Currently there is a default organisation value set - it is set to the current repo's organisation name.
Please remove the default organisation value and make it required.