chore: switching to role name

appvia · Feb 16, 2025 · 42931dd · 42931dd
1 parent a19e05b
commit 42931dd
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 48 deletions.
diff --git a/modules/remote_state/README.md b/modules/remote_state/README.md
@@ -1,46 +1,5 @@
 # AWS OIDC Remote State Reader
 
-## Requirements
-
-| Name                                                                     | Version |
-| ------------------------------------------------------------------------ | ------- |
-| <a name="requirement_terraform"></a> [terraform](#requirement_terraform) | >= 1.0  |
-
-## Providers
-
-| Name                                                               | Version |
-| ------------------------------------------------------------------ | ------- |
-| <a name="provider_aws"></a> [aws](#provider_aws)                   | 5.41.0  |
-| <a name="provider_terraform"></a> [terraform](#provider_terraform) | n/a     |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name                                                                                                                             | Type        |
-| -------------------------------------------------------------------------------------------------------------------------------- | ----------- |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity)    | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region)                      | data source |
-| [terraform_remote_state.this](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-
-## Inputs
-
-| Name                                                                                                   | Description                                                            | Type     | Default | Required |
-| ------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------- | -------- | ------- | :------: |
-| <a name="input_account_id"></a> [account_id](#input_account_id)                                        | Account ID where the remote state bucket is located                    | `string` | `null`  |    no    |
-| <a name="input_reader_role_arn"></a> [reader_role_arn](#input_reader_role_arn)                         | The ARN of the reader role to assume in order to read the remote state | `string` | n/a     |   yes    |
-| <a name="input_region"></a> [region](#input_region)                                                    | The region name where the destination resources have been created      | `string` | `null`  |    no    |
-| <a name="input_repository"></a> [repository](#input_repository)                                        | The name of the repository to lookup remote state for                  | `string` | n/a     |   yes    |
-| <a name="input_web_identity_token_file"></a> [web_identity_token_file](#input_web_identity_token_file) | Path to the web identity token file                                    | `string` | n/a     |   yes    |
-
-## Outputs
-
-| Name                                                     | Description |
-| -------------------------------------------------------- | ----------- |
-| <a name="output_outputs"></a> [outputs](#output_outputs) | n/a         |
-
 <!-- BEGIN_TF_DOCS -->
 ## Providers
 
@@ -53,11 +12,10 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | Account ID where the remote state bucket is located | `string` | n/a | yes |
 | <a name="input_repository"></a> [repository](#input\_repository) | The name of the repository to lookup remote state for | `string` | n/a | yes |
-| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | Account ID where the remote state bucket is located | `string` | `null` | no |
-| <a name="input_reader_role_arn"></a> [reader\_role\_arn](#input\_reader\_role\_arn) | The ARN of the reader role to assume in order to read the remote state | `string` | `null` | no |
+| <a name="input_reader_role"></a> [reader\_role](#input\_reader\_role) | The name of the reader role to assume in order to read the remote state | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | The region name where the destination resources have been created | `string` | `null` | no |
-| <a name="input_remote_account_id"></a> [remote\_account\_id](#input\_remote\_account\_id) | The account ID where the remote state bucket is located (optional if you specify a reader\_role\_arn) | `string` | `null` | no |
 | <a name="input_web_identity_token_file"></a> [web\_identity\_token\_file](#input\_web\_identity\_token\_file) | Path to the web identity token file | `string` | `null` | no |
 
 ## Outputs
@@ -66,4 +24,3 @@ No modules.
 |------|-------------|
 | <a name="output_outputs"></a> [outputs](#output\_outputs) | n/a |
 <!-- END_TF_DOCS -->
-
diff --git a/modules/remote_state/locals.tf b/modules/remote_state/locals.tf
@@ -10,6 +10,6 @@ locals {
   tf_state_bucket = format("%s-%s", local.account, local.region)
 
   ## Remote state role
-  role_arn = coalesce(var.reader_role_arn, format("arn:aws:iam::%s:role/%s-sr", var.account_id, var.repository))
+  role_arn = var.reader_role != null ? format("arn:aws:iam::%s:role/%s", local.account, var.reader_role) : format("arn:aws:iam::%s:role/%s-sr", local.account, var.repository)
 }
 
diff --git a/modules/remote_state/variables.tf b/modules/remote_state/variables.tf
@@ -3,8 +3,8 @@ variable "account_id" {
   type        = string
 }
 
-variable "reader_role_arn" {
-  description = "The ARN of the reader role to assume in order to read the remote state"
+variable "reader_role" {
+  description = "The name of the reader role to assume in order to read the remote state"
   type        = string
   default     = null
 }