luigidifraiawork/terraform-aws-oidc
Configure OpenID Connect in AWS to retrieve temporary credentials and access services in AWS

Parts from: https://gitlab.com/guided-explorations/aws/configure-openid-connect-in-aws

Use-cases

  • Retrieve temporary credentials from AWS to access cloud services

Examples

  • GitLab - Creates an IAM identity provider for GitLab OIDC, an IAM role whose trust policy accepts ID tokens from that provider, and a separate IAM role for deployment purposes that trusts the first role.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 5.0 |
| tls | >= 4.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.0 |
| tls | >= 4.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_openid_connect_provider.this | resource |
| aws_iam_policy.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_iam_policy_document.this | data source |
| tls_certificate.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| client_id | This is the value that's sent as the client_id parameter on OAuth requests | string | n/a | yes |
| deploy_role_arns | ARNs of the roles the OIDC role can assume for deployment purposes | list(string) | n/a | yes |
| description | OIDC role description | string | null | no |
| force_detach_policies | Whether policies should be detached from the OIDC role when destroying | bool | true | no |
| idp_tls_url | The TLS URL of the identity provider | string | n/a | yes |
| idp_url | The URL of the identity provider. Corresponds to the iss claim | string | n/a | yes |
| name | Name to be used on all the resources as identifier | string | n/a | yes |
| permissions_boundary_arn | Permissions boundary ARN to use for the OIDC role | string | null | no |
| subjects | List of OIDC subjects that are permitted by the trust policy | list(string) | n/a | yes |
| tags | A map of additional tags to add to all resources | map(string) | {} | no |
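The README lists the inputs but does not show the module being called. The following is an added usage example, not part of the module's own README, wiring up the GitLab case described under Examples. The module `source` path, the GitLab hostname, the account id and the deploy role ARN are placeholders; the `subjects` entry follows GitLab's `project_path:<group>/<project>:ref_type:<type>:ref:<name>` subject claim format and is pinned to a single project and branch so that only jobs on that branch can assume the role.

```hcl
# Added example (not the module's own code). Calls the terraform-aws-oidc module
# to trust GitLab-issued OIDC ID tokens for one project on one branch.

module "gitlab_oidc" {
  source = "./terraform-aws-oidc" # placeholder: path or registry address of the module

  name        = "gitlab-ci-oidc"
  description = "Role assumed by GitLab CI jobs presenting an OIDC ID token"

  # Issuer of the ID token (iss claim) and the TLS endpoint whose certificate
  # chain the module thumbprints for the identity provider. Constructed values.
  idp_url     = "https://gitlab.example.com"
  idp_tls_url = "https://gitlab.example.com:443"

  # Must match the aud claim that GitLab puts in the token for this audience.
  client_id = "https://gitlab.example.com"

  # Exact subjects accepted by the trust policy. Keeping these wildcard-free
  # prevents any other project, tag or merge-request pipeline from assuming the role.
  subjects = [
    "project_path:my-group/my-project:ref_type:branch:ref:main",
  ]

  # Deployment role(s) the OIDC role is allowed to assume. Constructed ARN.
  deploy_role_arns = [
    "arn:aws:iam::123456789012:role/my-project-deploy",
  ]

  # Optional: cap the effective permissions of the OIDC role.
  permissions_boundary_arn = null
  force_detach_policies    = true

  tags = {
    environment = "production"
    managed_by  = "terraform"
  }
}

# ARN the CI job passes to sts:AssumeRoleWithWebIdentity.
output "gitlab_ci_role_arn" {
  value = module.gitlab_oidc.role_arn
}
```

When adding further branches or projects, append explicit entries to `subjects` rather than widening a single entry; the `client_id` value should be checked against the `aud` claim of a token decoded from a pipeline job before relying on the trust policy.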

Outputs

| Name | Description |
|------|-------------|
| role_arn | Role that must be assumed by the client |

References

About

Configure an OpenID Connect (OIDC) identity provider and associated AWS IAM roles to enable authentication and authorisation in AWS using OIDC ID tokens