#terraform-aws-modules (2023-02)

Terraform Modules

Discussions related to https://github.com/terraform-aws-modules

Archive: https://archive.sweetops.com/terraform-aws-modules/

2023-02-07

JoseF

I am trying to set up an admin group that is required to have restrictions on KMS access/usage (some kind of boundaries on the scope of the group's permissions); however, I am confused between terraform-aws-iam-role and terraform-aws-iam-policy. Which should I use, and how can I restrict the scope of the admin so it does not have access to the KMS service?

cloudposse/terraform-aws-iam-role
cloudposse/terraform-aws-iam-policy

2023-02-10

Przemek

Hello!

Maybe someone can advise how to handle an issue.

I'm using the module cloudposse/label/null to provision tags to resources, but with the IAM role module cloudposse/iam-role/aws there are tags generated, for example:

+ tags                  = {
          + "Name"              = "some name"
          + "tag1"        = "x"
          + "tag2"                  = "b"

and many more, but this Name tag starts with N, and terraform apply is failing with some issue that the IAM role does not support this tag. Any tip on how to change from Name to name?

Andriy Knysh (Cloud Posse)

try to use this variable https://github.com/cloudposse/terraform-null-label/blob/master/variables.tf#L108 - include all tags you want, exclude name

variable "labels_as_tags" {
Przemek

ok, and can the variables tags and labels_as_tags be used together?

Przemek

as I'm not sure if I understand it properly, I tried just labels_as_tags: [] but still all tags appear. How should this work? Can you advise?

Andriy Knysh (Cloud Posse)

i’m not sure what’s the issue with labels_as_tags, you can show here your code how you are using it

Andriy Knysh (Cloud Posse)

regarding /iam-role/aws module, maybe try to use this var https://github.com/cloudposse/terraform-aws-iam-role/blob/master/variables.tf#L92

variable "tags_enabled" {
Andriy Knysh (Cloud Posse)

also, it’s strange that it does not accept Name tag, there is a working example here https://github.com/cloudposse/terraform-aws-iam-role/tree/master/examples/complete which uses all the tags, and it gets provisioned on AWS on each PR

2023-02-13
