Shared: IAM

Module creating shared IAM Role and Instance Profile

Shared Module: shared/modules/iam

Created Resources

Resource | Description
aws_iam_role.milu2_allow | IAM Role MILU2-AWS-ALLOW
aws_iam_instance_profile.milu2_allow | Instance Profile for EC2
aws_iam_role_policy_attachment.* | Attach managed policies

Permissions

The role has the permissions that EC2 instances need attached:

  • S3 - Read/write buckets
  • ECR - Pull images
  • CloudWatch - Push metrics/logs
  • SSM - Session Manager access

Info

The stage module 15-iam only reads this role through a data source; it does not create a new one.

existing Flag

  • existing_iam = true: Skip, role already exists
  • existing_iam = false: Create new

Outputs

Name | Description
role_arn | IAM role ARN
instance_profile_name | Instance profile name
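
One way the existing_iam flag, the created resources and the outputs above could fit together, as an added sketch that is not the module's own source. The resource names, output names, role name and existing_iam come from this page; the managed policy ARNs, the EC2 trust policy, the instance profile name and the data lookup for the existing role are assumptions.

```hcl
variable "existing_iam" {
  type    = bool
  default = false
}

locals {
  role_name    = "MILU2-AWS-ALLOW"
  profile_name = "MILU2-AWS-ALLOW" # assumed: profile shares the role name
  # Assumed AWS managed policies for the ECR, CloudWatch and SSM permissions.
  # S3 read/write is left out: assumed to be a bucket-scoped customer policy.
  managed_policies = {
    ecr        = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
    cloudwatch = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
    ssm        = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
  }
}

resource "aws_iam_role" "milu2_allow" {
  count = var.existing_iam ? 0 : 1
  name  = local.role_name
  assume_role_policy = jsonencode({ # assumed trust policy: only EC2 may assume
    Version = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole",
    Principal = { Service = "ec2.amazonaws.com" } }]
  })
}

resource "aws_iam_instance_profile" "milu2_allow" {
  count = var.existing_iam ? 0 : 1
  name  = local.profile_name
  role  = aws_iam_role.milu2_allow[0].name
}

resource "aws_iam_role_policy_attachment" "managed" {
  # Empty map when existing_iam = true, so a role created elsewhere is not touched.
  for_each   = { for k, v in local.managed_policies : k => v if !var.existing_iam }
  role       = aws_iam_role.milu2_allow[0].name
  policy_arn = each.value
}

# existing_iam = true: look the role up instead of creating it.
data "aws_iam_role" "existing" {
  count = var.existing_iam ? 1 : 0
  name  = local.role_name
}

output "role_arn" { # exactly one of the two lists is non-empty
  value = one(concat(aws_iam_role.milu2_allow[*].arn, data.aws_iam_role.existing[*].arn))
}

output "instance_profile_name" { value = local.profile_name }
```

With existing_iam = true, `terraform plan` for this sketch should show no IAM resources to add, only the data source read.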