SPHTech-Platform/terraform-aws-tfc-workload-identity

# TFC Workload Identity for AWS

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.0 |
| tls | >= 4.0 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 4.0 |
| tls | >= 4.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| tfc_workload_identity_role | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.27 |

## Resources

| Name | Type |
|------|------|
| aws_iam_openid_connect_provider.tfc_provider | resource |
| tls_certificate.tfc_certificate | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| create_tfc_oidc_provider | Create the TFC OIDC provider. Only one can exist in an account. | bool | true | no |
| create_tfc_workload_identity_role | Create the IAM role for TFC Workload Identity. | bool | true | no |
| tags | Map of tags to apply to resources. | map(string) | {} | no |
| tfc_oidc_provider_audiences | List of TFC OIDC provider audiences. This is part of the security configuration between TFC and your AWS account. | list(string) | [] | no |
| tfc_workload_identity_role | Name of the IAM role for TFC. | string | "TfcWorkloadIdentity" | no |
| tfc_workload_identity_role_audiences | List of allowed audiences for the IAM role. Defaults to the one for the OIDC provider if unspecified. | list(string) | [] | no |
| tfc_workload_identity_role_description | Description of the IAM role for TFC. | string | "Terraform Cloud Workload Identity" | no |
| tfc_workload_identity_role_max_session_duration | Maximum CLI/API session duration in seconds, between 3600 and 43200. | number | 3600 | no |
| tfc_workload_identity_role_permissions_boundary_arn | Permissions boundary ARN to apply to the IAM role for TFC. | string | "" | no |
| tfc_workload_identity_role_policy_arns | List of policy ARNs to attach to the IAM role for TFC. | list(string) | [] | no |
| tfc_workload_identity_workspaces | Workspaces allowed to use the workload identity for this account. Outer key is the organization, inner key is the project, and the value is the list of workspace names. | map(map(list(string))) | {} | no |

## Outputs

| Name | Description |
|------|-------------|
| tfc_workload_identity_audience | Audience value for TFC workload identity |
| tfc_workload_identity_role_arn | IAM Role ARN for TFC Workload Identity |
| tfc_workload_identity_workspaces | Workspaces allowed to assume the Workload Identity IAM Role |
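The following is an added usage example showing how the inputs and outputs above fit together; it is not part of the module's own README. The module `source` is assumed to be the GitHub repository named on this page pinned to a tag placeholder, and every organization, project, workspace and policy ARN value is constructed for illustration. It scopes the role to specific workspaces via `tfc_workload_identity_workspaces`, sets an explicit audience, caps privileges with a permissions boundary, and keeps the session duration at the module's minimum.

```hcl
# Added usage example, not code from the module. Values marked "constructed"
# are placeholders to replace with your own.

module "tfc_workload_identity" {
  # Assumed source: the repository named on this page, pinned to a release tag.
  source = "git::https://github.com/SPHTech-Platform/terraform-aws-tfc-workload-identity.git?ref=<TAG>"

  # Only one TFC OIDC provider can exist per AWS account. If this module is
  # called a second time in the same account (e.g. for another role), set
  # create_tfc_oidc_provider = false in that call.
  create_tfc_oidc_provider          = true
  create_tfc_workload_identity_role = true

  # Audience (aud claim) that TFC tokens must carry. Assumed value; match it
  # to the audience configured on the TFC side.
  tfc_oidc_provider_audiences = ["aws.workload.identity"]

  # Role identity; these are the module defaults written out explicitly.
  tfc_workload_identity_role             = "TfcWorkloadIdentity"
  tfc_workload_identity_role_description = "Terraform Cloud Workload Identity"

  # Shortest session the module allows (3600..43200 seconds).
  tfc_workload_identity_role_max_session_duration = 3600

  # Upper bound on what the role can ever be granted. Constructed ARN.
  tfc_workload_identity_role_permissions_boundary_arn = "arn:aws:iam::123456789012:policy/TfcPermissionsBoundary"

  # Permissions actually granted to the role. Constructed ARN.
  tfc_workload_identity_role_policy_arns = [
    "arn:aws:iam::123456789012:policy/TfcDeployPolicy",
  ]

  # Organization -> project -> workspaces allowed to assume the role.
  # Constructed names; anything not listed here is not trusted.
  tfc_workload_identity_workspaces = {
    "example-org" = {
      "Default Project" = ["prod-network", "prod-app"]
      "Sandbox"         = ["sandbox-app"]
    }
  }

  tags = {
    ManagedBy = "terraform"
  }
}

# Surface the role ARN so it can be pasted into the TFC workspace variables.
output "tfc_role_arn" {
  value = module.tfc_workload_identity.tfc_workload_identity_role_arn
}

output "tfc_audience" {
  value = module.tfc_workload_identity.tfc_workload_identity_audience
}
```

The calling root module must also configure the `aws` and `tls` providers listed under Providers, since this module declares requirements on them rather than configuring them itself. Keeping the workspace map explicit per organization and project is the main control here: it is what limits which TFC runs can obtain credentials for the account.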