feat: add support for aws roles

Signed-off-by: Kevin Lefevre <[email protected]>

README.md

@@ -31,6 +31,7 @@ No modules.
 |------|------|
 | [vault_audit.audit](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/audit) | resource |
 | [vault_auth_backend.auth_backends](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/auth_backend) | resource |
+| [vault_aws_auth_backend_role.aws](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/aws_auth_backend_role) | resource |
 | [vault_generic_secret.secret](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/generic_secret) | resource |
 | [vault_github_auth_backend.github](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/github_auth_backend) | resource |
 | [vault_github_team.github](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/github_team) | resource |
@@ -46,6 +47,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_audits"></a> [audits](#input\_audits) | n/a | `any` | `{}` | no |
 | <a name="input_auth_backends"></a> [auth\_backends](#input\_auth\_backends) | n/a | `any` | `{}` | no |
+| <a name="input_aws_roles"></a> [aws\_roles](#input\_aws\_roles) | n/a | `any` | `{}` | no |
 | <a name="input_github_auths"></a> [github\_auths](#input\_github\_auths) | n/a | `any` | `{}` | no |
 | <a name="input_github_roles_teams"></a> [github\_roles\_teams](#input\_github\_roles\_teams) | n/a | `any` | `{}` | no |
 | <a name="input_github_roles_users"></a> [github\_roles\_users](#input\_github\_roles\_users) | n/a | `any` | `{}` | no |

main.tf

@@ -70,3 +70,21 @@ resource "vault_kubernetes_auth_backend_role" "kubernetes" {
   token_policies                   = try(each.value.token_policies, null)
   depends_on                       = [vault_policy.policy]
 }
+
+resource "vault_aws_auth_backend_role" "aws" {
+  for_each                        = var.aws_roles
+  backend                         = try(each.value.backend, null)
+  role                            = try(each.value.role, null)
+  auth_type                       = try(each.value.auth_type, null)
+  bound_ami_ids                   = try(each.value.bound_ami_ids, null)
+  bound_account_ids               = try(each.value.bound_account_ids, null)
+  bound_vpc_ids                   = try(each.value.bound_vpc_ids, null)
+  bound_subnet_ids                = try(each.value.bound_subnet_ids, null)
+  bound_iam_role_arns             = try(each.value.bound_iam_role_arns, null)
+  bound_iam_instance_profile_arns = try(each.value.bound_iam_instance_profile_arns, null)
+  inferred_entity_type            = try(each.value.inferred_entity_type, null)
+  inferred_aws_region             = try(each.value.inferred_aws_region, null)
+  token_ttl                       = try(each.value.token_ttl, null)
+  token_max_ttl                   = try(each.value.token_max_ttl, null)
+  token_policies                  = try(each.value.token_policies, null)
+}

variables.tf

@@ -18,6 +18,11 @@ variable "kubernetes_roles" {
   default = {}
 }
 
+variable "aws_roles" {
+  type    = any
+  default = {}
+}
+
 variable "github_roles_teams" {
   type    = any
   default = {}