Initial commit.

modules/aws-iam/outputs.tf

@@ -0,0 +1,4 @@
+output "aws_iam_roles_arns" {
+  description = "The arns of the created IAM roles"
+  value       = { for k, v in merge(aws_iam_role.self[*]...) : k => v.arn }
+}

modules/aws-iam/role.tf

@@ -0,0 +1,18 @@
+locals {
+  iam_roles = { for name, role in var.iam_roles : name => merge(var.default_iam_role, role) }
+}
+
+resource "aws_iam_role" "self" {
+  for_each             = local.iam_roles
+  name                 = each.key
+  assume_role_policy   = jsonencode(each.value.assume_role_policy)
+  permissions_boundary = each.value.permissions_boundary
+}
+
+resource "aws_iam_role_policy" "self" {
+  for_each   = { for role, role_config in local.iam_roles : role => role_config if length(role_config.policy) > 0 }
+  name       = each.key
+  role       = each.key
+  policy     = jsonencode(each.value.policy)
+  depends_on = [aws_iam_role.self]
+}

modules/aws-iam/variables.tf

@@ -0,0 +1,21 @@
+variable "default_iam_role" {
+  description = "The default parameters for and IAM Role definition"
+  type = object({
+    assume_role_policy   = any
+    permissions_boundary = any
+    policy               = any
+    tags                 = map(string)
+  })
+  default = {
+    assume_role_policy   = null
+    permissions_boundary = null
+    policy               = null
+    tags                 = {}
+  }
+}
+
+variable "iam_roles" {
+  type        = map(any)
+  default     = {}
+  description = "The list of IAM roles and their permissions. See `default_iam_role` for the list of available params"
+}