Updates resouce docs for IAM Role type, formats alks.tf example file

Cox-Automotive · Apr 2, 2021 · ff04de8 · ff04de8
1 parent 4c01484
commit ff04de8
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 7 deletions.
diff --git a/docs/resources/alks_iamrole.md b/docs/resources/alks_iamrole.md
@@ -5,6 +5,7 @@ Creates an custom ALKS IAM role for usage in an AWS account.
 ## Example Usage
 
 ### ALKS IAM Role Creation
+
 ```hcl
 resource "alks_iamrole" "test_role" {
     name                     = "My_Test_Role"
@@ -14,22 +15,41 @@ resource "alks_iamrole" "test_role" {
 }
 ```
 
+### ALKS Dynamic Role Creation
+
+```hcl
+resource "alks_iamrole" "test_dynamic_role" {
+    name                     = "my_dynamic_role"
+    type                     = "Amazon EKS IRSA"
+    include_default_policies = false
+    enable_alks_access       = false
+    template_fields          = {
+        "OIDC_PROVIDER"       = "abc1234"
+        "K8S_NAMESPACE"       = "default"
+        "K8S_SERVICE_ACCOUNT" = "my-service-account"
+    }
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
+
 * `name` - (Required) The name of the ALKS IAM role which will be reflected in AWS and the ALKS UI.
 * `type` - (Required) The role type to use. To see a list of available roles, [call this endpoint](https://pages.ghe.coxautoinc.com/ETS-CloudAutomation/ALKS-Documentation/#/aws-role-type-rest-service/getAllAwsRoleTypesUsingGET).
 * `include_default_policies` - (Required) Whether or not the default manages policies should be attached to the role.
 * `role_added_to_ip` - (Computed) Indicates whether or not an instance profile role was created.
 * `arn` - (Computed) Provides the ARN of the role that was created.
 * `ip_arn` - (Computed) If `role_added_to_ip` was `true` this will provide the ARN of the instance profile role.
 * `enable_alks_access` - (Optional) If `true`, allows ALKS calls to be made by instance profiles or Lambda functions making use of this role. Note: This enables **machine identity** capability.
+* `template_fields` - (Optional) If present, will submit template field data to ALKS.  Note: This will generate an error if the role type does not support template fields.
 
 ## Import
 
 !> **Warning:** This will force-replace the resource.
 
 ALKS IAM roles can be imported using the `name`, e.g.
-```
-$ terraform import alks_iamrole.test_role My_Test_Role
+
+```sh
+terraform import alks_iamrole.test_role My_Test_Role
 ```
diff --git a/examples/alks.tf b/examples/alks.tf
@@ -46,8 +46,8 @@ resource "alks_iamrole" "test_dynamic_role" {
   include_default_policies = false
   enable_alks_access       = true
   template_fields = {
-    "OIDC_PROVIDER" = "abc1234"
-    "K8S_NAMESPACE" = "default"
+    "OIDC_PROVIDER"       = "abc1234"
+    "K8S_NAMESPACE"       = "default"
     "K8S_SERVICE_ACCOUNT" = "definitely-not-real"
   }
 }
@@ -64,7 +64,7 @@ resource "alks_iamrole" "test_role_nonprod" {
 # ATTACH POLICY
 resource "aws_iam_role_policy" "test_policy" {
   name   = "test_policy"
-  role   = "${alks_iamrole.test_role.name}"
+  role   = alks_iamrole.test_role.name
   policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -83,11 +83,11 @@ EOF
 
 # ATTACH MANAGED POLICY
 resource "aws_iam_role_policy_attachment" "sr-attach" {
-  role       = "${alks_iamrole.test_role.name}"
+  role       = alks_iamrole.test_role.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService"
 }
 
 # CREATE LTK USER
 resource "alks_ltk" "ltk" {
   iam_username = "TEST_LTK_USER"
-}
+}