ROSAENG-57757 | feat: add trust_policy_external_id to account-iam-resources
Inject optional sts:ExternalId into installer and support account role trust
policies, expose module input/output, and regenerate module documentation.
Part of ROSA-786.
Signed-off-by: michaelryanmcneill <michael@michaelryanmcneill.com>
|[aws_iam_policy_document.custom_trust_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document)| data source |
60
59
|[aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition)| data source |
61
60
|[rhcs_info.current](https://registry.terraform.io/providers/terraform-redhat/rhcs/latest/docs/data-sources/info)| data source |
62
61
|[rhcs_policies.all_policies](https://registry.terraform.io/providers/terraform-redhat/rhcs/latest/docs/data-sources/policies)| data source |
| <aname="input_path"></a> [path](#input\_path)| The ARN path for the account/operator roles as well as their policies. |`string`|`"/"`| no |
72
71
| <aname="input_permissions_boundary"></a> [permissions\_boundary](#input\_permissions\_boundary)| The ARN of the policy that is used to set the permissions boundary for the IAM roles in STS clusters. |`string`|`""`| no |
73
72
| <aname="input_tags"></a> [tags](#input\_tags)| List of AWS resource tags to apply. |`map(string)`|`null`| no |
73
+
| <aname="input_trust_policy_external_id"></a> [trust\_policy\_external\_id](#input\_trust\_policy\_external\_id)| External ID for trust policy condition in installer and support account roles. |`string`|`null`| no |
74
74
75
75
## Outputs
76
76
77
77
| Name | Description |
78
78
| ---- | ----------- |
79
79
| <aname="output_account_role_prefix"></a> [account\_role\_prefix](#output\_account\_role\_prefix)| The prefix used for all generated AWS resources. |
80
80
| <aname="output_account_roles_arn"></a> [account\_roles\_arn](#output\_account\_roles\_arn)| A map of Amazon Resource Names (ARNs) associated with the AWS IAM roles created. The key in the map represents the name of an AWS IAM role, while the corresponding value represents the associated Amazon Resource Name (ARN) of that role. |
81
+
| <aname="output_custom_trust_policy_json"></a> [custom\_trust\_policy\_json](#output\_custom\_trust\_policy\_json)| Rendered IAM trust policy JSON for each account role (Installer, Support, Worker, ControlPlane order). |
81
82
| <aname="output_openshift_version"></a> [openshift\_version](#output\_openshift\_version)| The Openshift cluster version of the cluster those account roles are used for. |
82
83
| <aname="output_path"></a> [path](#output\_path)| The arn path for the account/operator roles as well as their policies. |
84
+
| <aname="output_trust_policy_external_id"></a> [trust\_policy\_external\_id](#output\_trust\_policy\_external\_id)| External ID for trust policy condition in account roles |
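Review bot: The custom_trust_policy_json output row documents its value as positional ("Installer, Support, Worker, ControlPlane order"), so consumers have to index by position and will silently pick up the wrong policy if the role list is ever reordered or extended; consider a map keyed by role name, as the account_roles_arn row just above already does. The two trust_policy_external_id descriptions also disagree on scope: the input row says "installer and support account roles" while the output row says "in account roles", and the output row is missing the trailing period the other rows carry. Neither row states what the `null` default means for the rendered trust policy (presumably no sts:ExternalId condition, since the commit message calls it optional); saying so in the input description would let someone auditing the role trust tell an intentional omission from a misconfiguration.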