» vault_aws_secret_backend_role
Creates a role on an AWS Secret Backend for Vault. Roles are used to map credentials to the policies that generated them.
Important: All data provided in the resource configuration will be written in cleartext to state and plan files generated by Terraform, and will appear in the console output when Terraform runs. Protect these artifacts accordingly. See the main provider documentation for more details.
» Example Usage
resource "vault_aws_secret_backend" "aws" {
  access_key = "AKIA....."
  secret_key = "AWS secret key"
}

resource "vault_aws_secret_backend_role" "role" {
  backend         = "${vault_aws_secret_backend.aws.path}"
  name            = "deploy"
  credential_type = "assumed_role"

  policy_document = <<EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:*",
      "Resource": "*"
    }
  ]
}
EOT
}
» Argument Reference
The following arguments are supported:
- backend - (Required) The path the AWS secret backend is mounted at, with no leading or trailing /s.
- name - (Required) The name to identify this role within the backend. Must be unique within the backend.
- policy_document - (Optional) The JSON-formatted policy to associate with this role. Either policy_document or policy_arns must be specified.
- policy_arns - (Optional) The ARN for a pre-existing policy to associate with this role. Either policy_document or policy_arns must be specified.
- credential_type - (Required) Specifies the type of credential to be used when retrieving credentials from the role. Must be one of iam_user, assumed_role, or federation_token.
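A pre-apply check for the arguments listed above, as an added example that is not part of the provider documentation: it validates the documented constraints and flags Allow statements that pair a wildcard action with Resource "*", as the policy in Example Usage does. The function name, finding strings and sample map are assumptions made for this illustration.

```python
import json

CREDENTIAL_TYPES = {"iam_user", "assumed_role", "federation_token"}

def _as_list(value):
    """IAM JSON accepts a single value wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def review_role(args):
    """Return findings for one role's argument map (hypothetical helper)."""
    findings = []
    backend = args.get("backend") or ""
    if not backend or backend != backend.strip("/"):
        findings.append("backend: required, no leading or trailing /")
    if not args.get("name"):
        findings.append("name: required")
    if args.get("credential_type") not in CREDENTIAL_TYPES:
        findings.append("credential_type: must be one of "
                        + ", ".join(sorted(CREDENTIAL_TYPES)))
    doc = args.get("policy_document")
    if not doc and not args.get("policy_arns"):
        findings.append("policy: set policy_document or policy_arns")
    if not doc:
        return findings
    try:
        policy = json.loads(doc)
    except ValueError:
        return findings + ["policy_document: not valid JSON"]
    statements = _as_list(policy.get("Statement")) if isinstance(policy, dict) else []
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
            continue
        broad = [a for a in _as_list(stmt.get("Action"))
                 if isinstance(a, str) and (a == "*" or a.endswith(":*"))]
        if broad and "*" in _as_list(stmt.get("Resource")):
            findings.append("policy_document: Statement[%d] allows %s on Resource *"
                            % (i, ", ".join(broad)))
    return findings

# Constructed sample mirroring the Example Usage arguments on this page.
SAMPLE = {
    "backend": "aws",
    "name": "deploy",
    "credential_type": "assumed_role",
    "policy_document": '{"Version": "2012-10-17", "Statement": [{"Effect": '
                       '"Allow", "Action": "iam:*", "Resource": "*"}]}',
}
```

Calling review_role(SAMPLE) returns a single finding for Statement[0]; a role whose arguments meet every documented constraint and whose policy is scoped returns an empty list.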
» Attributes Reference
No additional attributes are exported by this resource.
» Import
AWS secret backend roles can be imported using the path, e.g.
$ terraform import vault_aws_secret_backend_role.role aws/roles/deploy