This module manages the installation of the CloudHealth IAM Role in your AWS account.

Input variables:

Variable | Type | Description |
---|---|---|
external-id | String | IAM Role External ID assigned in CloudHealth platform |
s3-billing-bucket | String | S3 bucket location for consolidated accounts billing data (optional) |
s3-cur-bucket | String | S3 bucket location for consolidated accounts cost and usage data (optional) |
s3-cloudtrail-bucket | String | S3 bucket location for CloudTrail data (optional) |
s3-config-bucket | String | S3 bucket location for AWS Config data (optional) |
s3-ecs-bucket | String | S3 bucket location for Elastic Container Service event stream data (optional) |
automated-ri-modification-enabled | Boolean | Additional permissions for enabling automated RI modification (default: false) |
automated-actions-enabled | Boolean | Additional permissions for enabling automated actions (default: false) |
additional-policy | String | Additional policy to associate with IAM Role (optional) |

Outputs:

Variable | Type | Description |
---|---|---|
cloudhealth-role-arn | String | IAM Role ARN created by the module |
external-id | String | IAM Role External ID assigned in CloudHealth platform |
cloudhealth-policy-arn | String | IAM Policy ARN created by the module |

Obtain your External ID from the CloudHealth platform, on the new AWS account setup page.

Define the invocation of the Terraform module:

```hcl
module "cloudhealth-iam-role" {
  source                            = "github.com/CloudHealth/terraform-cloudhealth-iam/role"
  external-id                       = "1234567890abcdefg"
  s3-billing-bucket                 = "billing-bucket"
  s3-cloudtrail-bucket              = "cloudtrail-bucket"
  automated-ri-modification-enabled = true
  automated-actions-enabled         = true
  additional-policy                 = <<POLICY
{
  "Action": [
    "ec2:CreateTags"
  ],
  "Effect": "Allow",
  "Resource": "*"
}
POLICY
}
```

NOTE: You can pin a specific Git tagged version of this module using this notation. Here we're pinning to the tag 0.0.16:

```hcl
source = "git::https://github.com/CloudHealth/terraform-cloudhealth-iam.git//role?ref=tags/0.0.16"
```

Run terraform plan and apply:

```sh
terraform plan -target=module.cloudhealth-iam-role
terraform apply -target=module.cloudhealth-iam-role
```

Get the created ARN and External ID to use in the CHT portal:

```sh
terraform output -module=cloudhealth-iam-role
```
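
After applying, it is worth confirming that the created role can only be assumed with your External ID. The following check is an added example, not part of this module or written by its authors. It assumes the role's trust policy enforces the External ID through the standard `sts:ExternalId` condition key and that you have the trust policy document as JSON (for example from `aws iam get-role`). The sample documents and the account ID 111122223333 are constructed placeholders.

```python
import json

def _as_list(value):
    # IAM accepts a scalar or a list in most positions; normalise to a list.
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy_json, expected_external_id):
    """Return findings for Allow statements that grant sts:AssumeRole without
    requiring the expected sts:ExternalId. An empty list means the check passed."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in _as_list(aws):
            findings.append(f"statement {i}: wildcard principal")
        # Condition keys are case-insensitive; accept only an exact StringEquals match.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = [v for k, vals in equals.items() if k.lower() == "sts:externalid"
               for v in _as_list(vals)]
        if not ids:
            findings.append(f"statement {i}: no StringEquals sts:ExternalId condition")
        elif ids != [expected_external_id]:
            findings.append(f"statement {i}: unexpected external ID value(s)")
    return findings

def _trust(condition):
    # Constructed sample document; 111122223333 is a placeholder account ID.
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

EXTERNAL_ID = "1234567890abcdefg"  # the example value from the module invocation
GOOD = _trust({"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
MISSING = _trust(None)
WRONG = _trust({"StringEquals": {"sts:ExternalId": "some-other-id"}})

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("missing", MISSING), ("wrong", WRONG)):
        print(name, check_trust_policy(doc, EXTERNAL_ID) or "ok")
```

A trust policy with no External ID condition lets any caller in the trusted account assume the role, which is the confused-deputy case the External ID exists to prevent.
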

Authors: CloudHealth Team GSD