From 0e7acaedfb7423db93e9d38e31dd4147007419be Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Tue, 24 Sep 2024 16:28:37 -0400 Subject: [PATCH] Update README via terraform-docs for recent commits --- README.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index a70b2ed..65ce7ef 100644 --- a/README.md +++ b/README.md @@ -93,9 +93,9 @@ No modules. | Name | Type | |------|------| -| [aws_iam_policy.s3_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.s3_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.s3_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy.s3_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.s3_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.s3_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.s3_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | 
@@ -104,22 +104,23 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | account\_ids | AWS account IDs that are allowed to assume the role. | `list(string)` | `[]` | no | -| additional\_role\_tags | Tags to apply to the IAM role that allows read-only access to the specified S3 buckets, in addition to the provider's default tags. | `map(string)` | `{}` | no | +| additional\_role\_tags | Tags to apply to the IAM role that allows access to the specified S3 buckets, in addition to the provider's default tags. | `map(string)` | `{}` | no | | aws\_region | The AWS region where the non-global resources are to be provisioned (e.g. "us-east-1"). | `string` | `"us-east-1"` | no | | entity\_name | The name of the entity that the role is being created for (e.g. "test-user"). | `string` | n/a | yes | | iam\_usernames | The list of IAM usernames allowed to assume the role. If not provided, defaults to allowing any user in the specified account(s). Note that including "root" in this list will override any other usernames in the list. | `list(string)` | ```[ "root" ]``` | no | -| read\_only | A Boolean value indicating whether or not to make the role read-only. If false then the role will allow write permissions. | `bool` | `true` | no | -| role\_description | The description to associate with the IAM role (as well as the corresponding policy) that allows read-only access to the specified object(s) in the specified S3 buckets. Note that the first "%s" in this value will get replaced with the s3\_bucket variable and the second "%s" will get replaced with the entity\_name variable. If there are less than two instances of "%s" present in this value, no replacements will be made and the value will be used as is. Including more than two instances of "%s" in this value will result in a Terraform error, so don't do that. 
| `string` | `"Allows read-only access to S3 bucket %s required for %s."` | no | -| role\_name | The name to assign the IAM role (as well as the corresponding policy) that allows read-only access to the specified S3 buckets. Note that the first "%s" in this value will get replaced with the s3\_bucket variable and the second "%s" will get replaced with the entity\_name variable. If there are less than two instances of "%s" present in this value, no replacements will be made and the value will be used as is. Including more than two instances of "%s" in this value will result in a Terraform error, so don't do that. If the role name is longer than the current AWS limit of 64 characters (either as-is or after "%s" replacements), the role name will be truncated to the first 64 characters. | `string` | `"%s-ReadOnly-%s"` | no | -| s3\_bucket | The name of the S3 bucket that the created role will be allowed to read from (e.g. "my-bucket"). | `string` | n/a | yes | -| s3\_objects | A list specifying the objects in the S3 bucket that the created role will be allowed to read (e.g. ["my-file", "projects\example\*"]). AWS-supported S3 ARN wildcards (* and ?) can be used, but full regular expressions can not. If not specified, the role will be allowed to read any object in the bucket. | `list(string)` | ```[ "*" ]``` | no | +| read\_only | A Boolean value indicating whether or not to make the role and policy read-only. If false then the role and policy will allow write permissions. | `bool` | `true` | no | +| role\_description | The description to associate with the IAM role (as well as the corresponding policy) that allows access to the specified object(s) in the specified S3 buckets. Note that the first "%s" in this value will get replaced with the s3\_bucket variable and the second "%s" will get replaced with the entity\_name variable. If there are less than two instances of "%s" present in this value, no replacements will be made and the value will be used as is. 
Including more than two instances of "%s" in this value will result in a Terraform error, so don't do that. | `string` | `"Allows access to S3 bucket %s required for %s."` | no | +| role\_name | The name to assign the IAM role (as well as the corresponding policy) that allows access to the specified S3 buckets. Note that the first "%s" in this value will get replaced with the s3\_bucket variable and the third "%s" will get replaced with the entity\_name variable. The second "%s" in this value will get replaced by "ReadOnly" if read\_only is true and "ReadWrite" otherwise. If there are less than three instances of "%s" present in this value then no replacements will be made and the value will be used as is. Including more than three instances of "%s" in this value will result in a Terraform error, so don't do that. If the role name is longer than the current AWS limit of 64 characters (either as-is or after "%s" replacements), the role name will be truncated to the first 64 characters. | `string` | `"%s-%s-%s"` | no | +| s3\_bucket | The name of the S3 bucket that the created role will be allowed access to (e.g. "my-bucket"). | `string` | n/a | yes | +| s3\_objects | A list specifying the objects in the S3 bucket that the created role will be allowed to access (e.g. ["my-file", "projects\example\*"]). AWS-supported S3 ARN wildcards (* and ?) can be used, but full regular expressions can not. If not specified, the role will be allowed to access any object in the bucket. | `list(string)` | ```[ "*" ]``` | no | ## Outputs ## | Name | Description | |------|-------------| -| policy | The IAM policy that can read the specified objects from the specified S3 bucket. | -| role | The IAM role that can read the specified objects from the specified S3 bucket. | +| policy | The IAM policy that can access the specified objects from the specified S3 bucket. | +| read\_only | A Boolean value indicating whether or not the role and policy are read-only. 
If false then the role and policy will allow write permissions. | +| role | The IAM role that can access the specified objects from the specified S3 bucket. | ## Notes ##
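Review bot: In the Resources table (hunk `@@ -93,9 +93,9 @@`), `aws_iam_policy.s3_read`, `aws_iam_role.s3_read` and `aws_iam_role_policy_attachment.s3_read` become `...s3_access`, which is a change of Terraform resource addresses and not only of wording. Unless the module also ships `moved` blocks for these three addresses, an existing deployment will plan a destroy and re-create of the role, policy and attachment on upgrade. The generated tables cannot say which case applies, so please add an upgrade note under "## Notes ##" stating either that state is migrated automatically or that consumers need to run `terraform state mv` before applying.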
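Review bot: In the Inputs table (hunk `@@ -104,22 +104,23 @@`), `role_name` now expects three "%s" where it expected two, and the description says that with fewer than three "no replacements will be made and the value will be used as is". A caller who already overrides `role_name` with a two-placeholder value such as the old default `"%s-ReadOnly-%s"` will therefore have that literal string passed through as the role name; this should be called out as a breaking change under "## Notes ##". In the same hunk, `role_description` keeps two placeholders and its default becomes `"Allows access to S3 bucket %s required for %s."`, so the description no longer says whether the role can write. Consider carrying the ReadOnly/ReadWrite value into the description as well, so that someone auditing roles can tell the access level without opening the policy. The `read_only` text would also benefit from stating that, with the `s3_objects` default of `[ "*" ]`, setting it to false allows writes to any object in the bucket.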