# s3_bucket_writer_role

A role to enable read/write access to a specific S3 bucket via `sts:AssumeRole`. It's primarily intended for cross-account scenarios.

This is perhaps a little odd compared to S3 bucket policies, which allow native cross-account access via `Principal` in the bucket policy itself. I went this way so that scripts running on EC2 nodes with instance roles would have the ability to (when needed) use an AssumeRole in order to gain read-write access to a bucket, when 99.99% of the time they don't need the read-write access.

## inputs

| Argument      | type         | value / description |
|---------------|--------------|---------------------|
| name          | string       | The name of the role we're making. It will be in the /service/ path in IAM |
| trusted_arns  | list(string) | The ARNs that should be able to assume this role |
| kms_key_arns  | list(string) | (optional) KMS keys that we need to access the bucket |
| description   | string       | Description tied to the role |
| bucket        | string       | The bucket that this policy should allow write access to |
| tags          | map          | (optional) Tags to be applied |
| standard_tags | map          | (optional) Other tags to be applied from terragrunt |
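
The following usage sketch is an added example, not taken from this module's repository. It shows the two halves a cross-account AssumeRole needs: the module call in the bucket-owning account, and an identity policy on the calling instance role that permits `sts:AssumeRole` on the resulting role. The module `source` path, account IDs, role names, bucket name and KMS key ID are all constructed placeholders, and the role ARN is built by hand from the `/service/` path noted in the inputs table because the module's outputs are not documented here.

```hcl
# --- Account A (bucket owner, placeholder ID 111111111111) ---
module "backup_bucket_writer" {
  # Placeholder: point this at wherever the module lives in your repo or registry.
  source = "../modules/s3_bucket_writer_role"

  name        = "backup-bucket-writer"
  description = "Read/write access to example-backup-bucket via sts:AssumeRole"
  bucket      = "example-backup-bucket"

  # Trust only the specific instance role that needs occasional write access,
  # not the whole remote account (avoid arn:aws:iam::222222222222:root).
  trusted_arns = ["arn:aws:iam::222222222222:role/backup-runner"]

  # Optional: only needed when the bucket uses SSE-KMS with a customer key.
  kms_key_arns = [
    "arn:aws:kms:us-east-1:111111111111:key/00000000-0000-0000-0000-000000000000",
  ]

  tags = { Purpose = "backups" }
}

# --- Account B (caller, placeholder ID 222222222222) ---
# Applied from account B's own Terraform configuration. Being listed in
# trusted_arns is not sufficient across accounts: the calling role also
# needs an identity policy allowing sts:AssumeRole on the target role.
data "aws_iam_policy_document" "assume_writer" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    # Scoped to the single role; note the /service/ path in the ARN.
    resources = ["arn:aws:iam::111111111111:role/service/backup-bucket-writer"]
  }
}

resource "aws_iam_role_policy" "assume_writer" {
  name   = "assume-backup-bucket-writer"
  role   = "backup-runner" # the EC2 instance role named in trusted_arns
  policy = data.aws_iam_policy_document.assume_writer.json
}
```

With this in place the instance's default credentials carry no write access to the bucket; a script obtains it only for the lifetime of the temporary credentials returned by `sts:AssumeRole`, and each assumption is recorded in CloudTrail in both accounts.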