Skip to content
This repository has been archived by the owner on Jun 3, 2024. It is now read-only.
/ terraform-aws-runtime-connector Public archive

The `runtime-connector` module provisions an IAM role that a Sym Runtime uses to execute a Flow.

License

BSD-3-Clause license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

symopsio/terraform-aws-runtime-connector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
.circleci
.circleci
 
 
docs
docs
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
v2.0.0-moved.tf
v2.0.0-moved.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

Repository files navigation

runtime-connector

The runtime-connector module provisions the AWS IAM role that a Sym Runtime uses to execute a Flow.

By default, this Sym Runtime Role has permissions to assume additional roles that have a path that begins with /sym/, and only within a provided safelist of AWS accounts. The Runtime always includes the current AWS account in the safelist.

The role created for the Runtime uses an External ID, a best practice for invoking cross-account roles.

module "runtime_connector" {
  source  = "symopsio/runtime-connector/aws"
  version = ">= 2.0.0"

  environment = "sandbox"
}

Upgrading from Version 1.x to 2.x

Several inputs and outputs have changed in the major version upgrade from 1.x to 2.x. Please see the Runtime Connector Module Version 2 Upgrade Guide for details and upgrade instructions.

Requirements

Name Version
terraform >= 0.13.7
aws >= 3.0
sym >= 2.0

Providers

Name Version
aws >= 3.0
random n/a
sym >= 2.0

Modules

No modules.

Resources

Name Type
aws_iam_policy.assume_roles resource
aws_iam_role.sym_runtime_connector_role resource
aws_iam_role_policy_attachment.attach_assume_roles resource
random_uuid.external_id resource
sym_integration.runtime_context resource
sym_runtime.this resource
aws_caller_identity.current data source
aws_region.current data source

Inputs

Name Description Type Default Required
account_id_safelist List of additional AWS account IDs (beyond the current AWS account) that the Sym Runtime Role can assume roles in. (e.g. The SSO Management Account ID) list(string) [] no
environment The unique name of the environment in which you are deploying this Sym Runtime Role. (e.g. staging, or prod) string n/a yes
sym_account_id The AWS account ID that can assume the Sym Runtime Role. Defaults to the Sym Production AWS account ID. string "803477428605" no
tags Additional tags to apply to the AWS resources map(string) {} no

Outputs

Name Description
sym_integration A sym_integration resource that tells the Sym Runtime which AWS Role to assume to perform actions in your AWS account. For example, this can be used in sym_runtime and sym_secrets resources.
sym_runtime A sym_runtime resource to be passed into your sym_environment to enable the execution of AWS Strategies.
sym_runtime_connector_role An aws_iam_role resource. This AWS IAM Role will be assumed by the Sym Runtime to execute operations in your AWS account.

About

The `runtime-connector` module provisions an IAM role that a Sym Runtime uses to execute a Flow.

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 8

v2.0.2 Latest
Jun 1, 2023
+ 7 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages