Terraform module to connect Chainguard to your AWS account.
This module is needed to leverage certain service integrations from Chainguard.
This module binds a Chainguard IAM group to an AWS account.
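```hcl
# AWS side: sets up the Chainguard OIDC identity provider and the IAM roles.
module "chainguard-account-association" {
  source    = "chainguard-dev/chainguard-account-association/aws"
  group_ids = [var.group_id]
  account   = var.account
}

# Chainguard side: associates the group with the same AWS account.
resource "chainguard_account_associations" "example" {
  name  = "example"
  group = var.group_id

  amazon {
    account = var.account
  }
}
```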
Chainguard has an OIDC identity provider. This module configures your AWS account to recognize that OIDC identity provider and allows certain tokens to bind to certain IAM roles.
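To review how tightly tokens are bound to roles after applying a module like this, the following added example (not the module's own code) audits an IAM role trust policy and flags `sts:AssumeRoleWithWebIdentity` statements for a given OIDC provider that do not pin the token's `aud` and `sub` claims. The issuer host, account ID and claim values are constructed placeholders, not Chainguard's real values.

```python
WEB_IDENTITY = "sts:AssumeRoleWithWebIdentity"
ISSUER = "issuer.example.test"  # placeholder issuer host (assumption)
PROVIDER_ARN = "arn:aws:iam::111122223333:oidc-provider/" + ISSUER  # constructed

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, issuer_host):
    """Return (statement_index, claim, issue) for each under-scoped claim."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") != "Allow"
                or WEB_IDENTITY not in _as_list(stmt.get("Action", []))
                or not any(a.endswith("oidc-provider/" + issuer_host) for a in federated)):
            continue  # not a web-identity grant for this provider
        pinned, loose = set(), set()
        for operator, pairs in stmt.get("Condition", {}).items():
            base = operator.split(":")[-1]  # drop ForAnyValue:/ForAllValues:
            if base not in ("StringEquals", "StringLike"):
                continue  # negated and ...IfExists operators do not pin a claim
            for key, values in pairs.items():
                if not key.startswith(issuer_host + ":"):
                    continue
                wild = base == "StringLike" and any(
                    "*" in v or "?" in v for v in _as_list(values))
                (loose if wild else pinned).add(key[len(issuer_host) + 1:])
        for claim in ("aud", "sub"):
            if claim not in pinned:
                findings.append((idx, claim, "wildcard" if claim in loose else "missing"))
    return findings

def _policy(condition):  # constructed single-statement sample trust policy
    stmt = {"Effect": "Allow", "Action": WEB_IDENTITY,
            "Principal": {"Federated": PROVIDER_ARN}}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

SCOPED = _policy({"StringEquals": {ISSUER + ":aud": "constructed-audience",
                                   ISSUER + ":sub": "constructed-subject"}})
LOOSE = _policy({"StringEquals": {ISSUER + ":aud": "constructed-audience"},
                 "StringLike": {ISSUER + ":sub": "*"}})
OPEN = _policy(None)

if __name__ == "__main__":
    for name, pol in (("scoped", SCOPED), ("loose", LOOSE), ("open", OPEN)):
        print(name, audit_trust_policy(pol, ISSUER))
```

To audit a deployed role, pass the trust policy document as a parsed dict together with the provider host taken from the OIDC provider ARN.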
Name | Version |
---|---|
aws | >= 2.7.0 |
Name | Version |
---|---|
aws | >= 2.7.0 |
No modules.
Name | Type |
---|---|
aws_iam_openid_connect_provider.chainguard_idp | resource |
aws_iam_role.canary_role | resource |
aws_iam_role.catalog-syncer | resource |
aws_iam_role_policy_attachment.catalog-syncer-ecr-push | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
account | The AWS account ID to which we are binding the Chainguard groups. | string | n/a | yes |
environment | Domain of the Chainguard environment | string | "enforce.dev" | no |
group_ids | Chainguard IAM group IDs to bind your AWS account to. | list(string) | n/a | yes |
No outputs.