Add Switch Role URL Output (#11)
* Update README

* Support enabled flag for new output
osterman committed Jan 2, 2019
1 parent c43c2e2 commit d69f938
Showing 4 changed files with 18 additions and 3 deletions.
6 changes: 4 additions & 2 deletions README.md
Expand Up @@ -107,19 +107,20 @@ Available targets:
lint Lint terraform code
```

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| attributes | Additional attributes (e.g. `1`) | list | `<list>` | no |
| delimiter | Delimiter to be used between `namespace`, `stage`, `name`, and `attributes` | string | `-` | no |
| enabled | Whether to create these resources | string | `true` | no |
| member_account_id | The ID of the member account to grant access permissions to the users in the Group | string | - | yes |
| name | Name (e.g. `app` or `cluster`) | string | - | yes |
| namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes |
| require_mfa | Require the users to have MFA enabled | string | `false` | no |
| role_name | The name of the Role in the member account to grant permissions to the users in the Group | string | `OrganizationAccountAccessRole` | no |
| stage | Stage (e.g. `prod`, `dev`, `staging`, `infra`) | string | - | yes |
| switchrole_url | URL to the IAM console to switch to a role | string | `https://signin.aws.amazon.com/switchrole?account=%s&roleName=%s&displayName=%s` | no |
| tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`) | map | `<map>` | no |
| user_names | A list of IAM User names to associate with the Group | list | - | yes |
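
Review bot: The new `switchrole_url` input row describes the value as a "URL to the IAM console to switch to a role", but the default it shows is a format template with three `%s` verbs, and the Outputs table gains a rendered `switchrole_url` under the same name. Describe the input as a template (for example "Format string for the IAM console switch-role URL") or give it a distinct name, so a reader of the generated docs can tell the template from the finished link.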

Expand All @@ -133,6 +134,7 @@ Available targets:
| group_unique_id | Group's unique ID assigned by AWS |
| policy_id | The policy ID |
| policy_name | The name of the policy |
| switchrole_url | URL to the IAM console to switch to the role |



Expand Down Expand Up @@ -214,7 +216,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.

## Copyright

Copyright © 2017-2018 [Cloud Posse, LLC](https://cpco.io/copyright)
Copyright © 2017-2019 [Cloud Posse, LLC](https://cpco.io/copyright)



4 changes: 3 additions & 1 deletion docs/terraform.md
@@ -1,16 +1,17 @@

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| attributes | Additional attributes (e.g. `1`) | list | `<list>` | no |
| delimiter | Delimiter to be used between `namespace`, `stage`, `name`, and `attributes` | string | `-` | no |
| enabled | Whether to create these resources | string | `true` | no |
| member_account_id | The ID of the member account to grant access permissions to the users in the Group | string | - | yes |
| name | Name (e.g. `app` or `cluster`) | string | - | yes |
| namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes |
| require_mfa | Require the users to have MFA enabled | string | `false` | no |
| role_name | The name of the Role in the member account to grant permissions to the users in the Group | string | `OrganizationAccountAccessRole` | no |
| stage | Stage (e.g. `prod`, `dev`, `staging`, `infra`) | string | - | yes |
| switchrole_url | URL to the IAM console to switch to a role | string | `https://signin.aws.amazon.com/switchrole?account=%s&roleName=%s&displayName=%s` | no |
| tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`) | map | `<map>` | no |
| user_names | A list of IAM User names to associate with the Group | list | - | yes |

Expand All @@ -24,4 +25,5 @@
| group_unique_id | Group's unique ID assigned by AWS |
| policy_id | The policy ID |
| policy_name | The name of the policy |
| switchrole_url | URL to the IAM console to switch to the role |

5 changes: 5 additions & 0 deletions output.tf
Expand Up @@ -27,3 +27,8 @@ output "policy_id" {
value = "${join("", coalescelist(aws_iam_group_policy.without_mfa.*.id, aws_iam_group_policy.with_mfa.*.id))}"
description = "The policy ID"
}

output "switchrole_url" {
description = "URL to the IAM console to switch to the role"
value = "${local.enabled ? format(var.switchrole_url, var.member_account_id, var.role_name, module.label.id) : ""}"
}
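
Review bot: In the `switchrole_url` output, `var.member_account_id`, `var.role_name` and `module.label.id` are substituted into the query string by `format()` with no escaping, so a value containing `&`, `+`, `=` or a space (the label's delimiter and attributes are caller-supplied) would alter or break the `account`, `roleName` or `displayName` parameters of the link that users are given to sign in with. Wrapping each argument in `urlencode()` keeps the link well-formed. The description could also say that the output is an empty string when `enabled` is false.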
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -41,6 +41,12 @@ variable "name" {
description = "Name (e.g. `app` or `cluster`)"
}

variable "switchrole_url" {
type = "string"
description = "URL to the IAM console to switch to a role"
default = "https://signin.aws.amazon.com/switchrole?account=%s&roleName=%s&displayName=%s"
}

variable "delimiter" {
type = "string"
default = "-"
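
Review bot: The description on `variable "switchrole_url"` does not say that the value is used as a `format()` template that receives exactly three arguments, in the order member account ID, role name, display name. A caller who overrides the default with a different number or order of `%s` verbs gets a malformed link, so the description should state the expected placeholders and their order.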
