Merge pull request #171 from domain-protect/rm-deprecated-iam-role-argument

fix: remove deprecated argument from aws_iam_role
paulschwarzenberger authored Jan 3, 2025
2 parents 0c5470b + 48a3ca9 commit 593d637
Showing 3 changed files with 21 additions and 1 deletion.
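--- a/modules/iam/data.tf
+++ b/modules/iam/data.tf
@@ -1 +1,6 @@
 data "aws_caller_identity" "current" {}
+
+data "aws_iam_policy" "default" {
+for_each = var.takeover ? toset(var.managed_policy_names) : toset([])
+name = each.value
+}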
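Review bot: Resolving the policies by `name` alone in `data.aws_iam_policy.default` no longer pins them to the AWS-managed namespace that the removed `arn:aws:iam::aws:policy/...` literals guaranteed; as far as I recall the provider matches `name` against customer-managed policies too, so a same-named policy created in the account could be the one that ends up attached to the takeover role. If only AWS-managed policies are intended, look them up by ARN instead, `arn = "arn:aws:iam::aws:policy/${each.value}"`, which keeps the attached set identical to the previous behaviour and still fails at plan time on a mistyped name. If name lookup is kept on purpose, a comment saying why, plus a `path_prefix` to narrow the match, would help the next reader.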
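--- a/modules/iam/main.tf
+++ b/modules/iam/main.tf
@@ -1,10 +1,15 @@
 resource "aws_iam_role" "lambda" {
 name = "${var.project}-${var.takeover ? "takeover" : var.role_name == "policyname" ? var.policy : var.role_name}-${var.environment}"
 assume_role_policy = templatefile("${path.module}/templates/${var.assume_role_policy}_role.json.tpl", { project = var.project })
-managed_policy_arns = var.takeover ? ["arn:aws:iam::aws:policy/AmazonVPCFullAccess", "arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk", "arn:aws:iam::aws:policy/AmazonS3FullAccess", "arn:aws:iam::aws:policy/AWSCloudFormationFullAccess"] : []
 permissions_boundary = var.permissions_boundary_arn
 }
 
+resource "aws_iam_role_policy_attachment" "default" {
+for_each = var.takeover ? toset([for policy in data.aws_iam_policy.default : policy.arn]) : toset([])
+role = aws_iam_role.lambda.name
+policy_arn = each.value
+}
+
 resource "aws_iam_role" "lambda" {
 name = "${var.project}-${var.role_name == "policyname" ? var.policy : var.role_name}-${var.environment}"
 role = aws_iam_role.lambda.id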
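Review bot: The removed `managed_policy_arns` attribute was exclusive — Terraform detached any managed policy attached to the role outside this configuration, and with `takeover = false` it enforced an empty set — whereas the new `aws_iam_role_policy_attachment.default` resources are additive, so a managed policy attached out of band to the Lambda role now persists across applies and this drift is no longer corrected. For a role that can carry Elastic Beanstalk admin, CloudFormation, S3 and VPC full-access policies that guarantee is worth keeping; the provider offers `aws_iam_role_policy_attachments_exclusive` as the replacement (newer provider versions only, so check the version pinned by this module), taking `role_name = aws_iam_role.lambda.name` and `policy_arns = [for policy in data.aws_iam_policy.default : policy.arn]`, which evaluates to the same empty list when `takeover` is false. If the provider pin is too old for that, a comment on the attachment resource noting that out-of-band attachments are no longer removed would at least record the change in semantics. The `aws_iam_role_policy.lambda` resource at the end of the hunk continues outside it.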
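--- a/modules/iam/variables.tf
+++ b/modules/iam/variables.tf
@@ -18,6 +18,16 @@ variable "policy" {
 default = "lambda"
 }
 
+variable "managed_policy_names" {
+description = "Managed policy names to attach to the IAM role"
+default = [
+"AdministratorAccess-AWSElasticBeanstalk",
+"AWSCloudFormationFullAccess",
+"AmazonS3FullAccess",
+"AmazonVPCFullAccess",
+]
+}
+
 variable "takeover" {
 description = "include managed policies to enable takeover"
 default = false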
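Review bot: `variable "managed_policy_names"` has no `type` constraint, so a caller passing a single string or a list with non-string elements is only rejected later by `toset()` in data.tf rather than at the variable boundary; add `type = list(string)` next to `default`. The description also understates what the defaults grant and when they apply, which matters for a list a caller can override: something like `description = "AWS managed policy names attached to the Lambda role only when takeover = true; the defaults grant broad Elastic Beanstalk, CloudFormation, S3 and VPC write access"` tells an operator what they are widening. The `variable "takeover"` block at the end of the hunk continues outside it.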
