This module creates an IAM role that allows Stacklet to discover accounts in the organization.
Note: this must be run in the root account for the organization.
To use this module:

```hcl
module "org-read" {
  source  = "stacklet/onboarding-org-read/aws"
  version = "0.1.0"

  resource_prefix            = "<PREFIX>"
  stacklet_external_id       = "<EXTERNAL_ID>"
  stacklet_assetdb_role_arn  = "<ASSETDB_ROLE_ARN>"
  stacklet_platform_role_arn = "<PLATFORM_ROLE_ARN>"
}
```

where values for the stacklet_ prefixed variables are provided by Stacklet.
| Name | Version |
|---|---|
| terraform | >= 1 |
| aws | ~> 6.2 |
| Name | Version |
|---|---|
| aws | 6.2.0 |
No modules.
| Name | Type |
|---|---|
| aws_iam_role.org_read | resource |
| aws_iam_role_policy.tags_read | resource |
| aws_iam_role_policy_attachments_exclusive.org_read | resource |
| aws_iam_policy.org_readonly_access | data source |
| aws_iam_policy_document.org_read_assume | data source |
| aws_iam_policy_document.tags_read | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| iam_path | A path for created IAM roles. If set, it must include leading and trailing slashes. | string | "/" | no |
| resource_prefix | An arbitrary prefix prepended to names of created resources. | string | n/a | yes |
| stacklet_assetdb_role_arn | ARN for the role used by AssetDB - Provided by Stacklet. | string | n/a | yes |
| stacklet_external_id | ID of the Stacklet deployment to restrict what can assume the roles - Provided by Stacklet. | string | n/a | yes |
| stacklet_platform_role_arn | ARN for the role used by Platform - Provided by Stacklet. | string | n/a | yes |
| Name | Description |
|---|---|
| org_read_role | ARN for the account-discovery role assumed by Stacklet Platform. |
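
One way to check the applied role's trust policy against the three Stacklet-provided inputs, as an added example (not code from this module or from Stacklet). It assumes the trust policy pins `sts:ExternalId` with a `StringEquals` condition; the ARNs, external ID and function names are constructed placeholders.

```python
import json

# Constructed placeholders, not values issued by Stacklet.
ALLOWED_ARNS = {
    "arn:aws:iam::111111111111:role/example-assetdb",
    "arn:aws:iam::111111111111:role/example-platform",
}
EXTERNAL_ID = "example-external-id"
# Constructed sample of a trust policy that should pass the audit.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Principal": {"AWS": sorted(ALLOWED_ARNS)},
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
})


def as_list(value):
    """IAM JSON accepts a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy_json, allowed_arns, external_id):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant sts:AssumeRole
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            # Covers "Principal": "*" and Allow statements using NotPrincipal.
            findings.append(f"statement {i}: wildcard or missing Principal")
            continue
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "AWS" or value not in allowed_arns:
                    findings.append(f"statement {i}: unexpected principal {kind}={value}")
        # Only an exact-match StringEquals on sts:ExternalId counts as a guard.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ids = as_list(cond.get("sts:ExternalId", []))
        if ids != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId not pinned to expected value")
    return findings
```

Feed it the `Role.AssumeRolePolicyDocument` returned by `aws iam get-role` for the role named in the `org_read_role` output, with the ARNs and external ID you passed to the module.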