IAM Role

Assumable identity for AWS services.

identity
category8
settings1
inputs1
outputs

Configuration

Setting	Type	Required	Default
Role name	Text	Yes	—
Description	Text	—	—
Max session (s)	Number	—	3600
Assume-role policy (JSON)	Text	Yes	{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
Managed policy ARNs (literal / ${var})	List	—	—
Permissions boundary ARN	Text	—	—
Path	Text	—	/
Tags	Key–value	—	—

Connections

Socket	Direction	Accepts	Terraform arg
Policiesmulti	Input	aws.iam-policy	managed_policy_arns
Assumed by	Output	aws.amplify-app, aws.appsync, aws.appsync-datasource, aws.aurora, aws.backup-plan, aws.bedrock-agent, aws.bedrock-knowledge-base, aws.cloudtrail, aws.codebuild, aws.codedeploy, aws.codepipeline, aws.cognito-identity-pool, aws.datasync-location-s3, aws.ecs-task-definition, aws.eks-cluster, aws.eventbridge-pipe, aws.eventbridge-rule, aws.eventbridge-target, aws.glue-crawler, aws.glue-job, aws.iam-instance-profile, aws.iam-role-policy, aws.iam-role-policy-attachment, aws.kendra-index, aws.kinesis-firehose, aws.lambda, aws.lex-bot, aws.medialive-channel, aws.medialive-input, aws.mwaa, aws.neptune-cluster, aws.rds, aws.rds-proxy, aws.redshift, aws.redshift-serverless-namespace, aws.s3-replication-configuration, aws.sagemaker-domain, aws.sagemaker-feature-group, aws.sagemaker-model, aws.sagemaker-notebook-instance, aws.sagemaker-pipeline, aws.sagemaker-user-profile, aws.scheduler-schedule, aws.sns, aws.sns-subscription, aws.step-functions, aws.synthetics-canary, aws.transfer-server, aws.transfer-user	—