AWS IAM Role
OpenTofu module for creating AWS IAM roles with inline policies, managed policy attachments, flexible assume role configuration, and permission boundaries
Overview
This module creates AWS IAM roles with inline policies and managed policy attachments. It supports flexible assume role configuration via service principals, account ARNs, or custom policy documents.
Key Features
- IAM role creation with configurable assume role policy
- Inline policy support via a map of policy name to JSON
- Managed policy attachment via external ARNs
- Assume role configuration for AWS services, account ARNs, or custom policies
- Permission boundary support
- Configurable session duration and path
Usage
    module "iam_role" {
      source = "git::https://github.com/Im5tu/opentofu-aws-iam-role.git?ref=main"

      name                 = "my-lambda-role"
      assume_role_services = ["lambda.amazonaws.com"]

      external_attachment_arns = [
        "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
      ]
    }
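
For reviewing what such a role grants, here is roughly the same role written as plain AWS provider resources, with a permission boundary and one inline policy added. This is an added example, not the module's source: the resource labels, the boundary policy ARN with its placeholder account ID, the inline policy and the bucket name are constructed assumptions, and the module's own input names for those features are not shown on this page.

```hcl
# Added illustration using plain AWS provider resources (not the module's code).

# Trust policy: only the Lambda service principal may assume the role.
data "aws_iam_policy_document" "trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "example" {
  name               = "my-lambda-role"
  path               = "/"
  assume_role_policy = data.aws_iam_policy_document.trust.json

  # Upper bound on what attached and inline policies can grant.
  # Constructed placeholder ARN; substitute your own boundary policy.
  permissions_boundary = "arn:aws:iam::123456789012:policy/example-boundary"

  max_session_duration = 3600 # seconds
}

# Managed policy attachment by ARN (same ARN as in the usage block above).
resource "aws_iam_role_policy_attachment" "basic_execution" {
  role       = aws_iam_role.example.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

# Inline policy: a name mapped to a JSON document.
# Constructed example scoped to one action on one hypothetical bucket.
resource "aws_iam_role_policy" "read_config" {
  name = "read-config"
  role = aws_iam_role.example.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject"]
      Resource = "arn:aws:s3:::example-config-bucket/*"
    }]
  })
}
```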