feat: add support for adding custom policies (#37)

philips-labs · Aug 17, 2022 · b0ef8a5 · b0ef8a5
1 parent 4f8fd5b
commit b0ef8a5
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -86,6 +86,7 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_iam_role.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [random_string.random](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [aws_iam_policy_document.github_actions_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 
@@ -101,6 +102,7 @@ No modules.
 | <a name="input_role_name"></a> [role\_name](#input\_role\_name) | (Optional) role name of the created role, if not provided the `namespace` will be used. | `string` | `null` | no |
 | <a name="input_role_path"></a> [role\_path](#input\_role\_path) | (Optional) Path for the created role, requires `repo` is set. | `string` | `"/github-actions/"` | no |
 | <a name="input_role_permissions_boundary"></a> [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | (Optional) Boundary for the created role, requires `repo` is set. | `string` | `null` | no |
+| <a name="input_role_policy_arns"></a> [role\_policy\_arns](#input\_role\_policy\_arns) | List of ARNs of IAM policies to attach to IAM role | `list(string)` | `[]` | no |
 
 ## Outputs
 

diff --git a/main.tf b/main.tf
@@ -84,3 +84,10 @@ resource "aws_iam_role" "main" {
   permissions_boundary = var.role_permissions_boundary
   assume_role_policy   = data.aws_iam_policy_document.github_actions_assume_role_policy[0].json
 }
+
+resource "aws_iam_role_policy_attachment" "custom" {
+  count = length(var.role_policy_arns)
+
+  role       = join("", aws_iam_role.main.*.name)
+  policy_arn = var.role_policy_arns[count.index]
+}
diff --git a/variables.tf b/variables.tf
@@ -64,3 +64,9 @@ variable "role_permissions_boundary" {
   type        = string
   default     = null
 }
+
+variable "role_policy_arns" {
+  description = "List of ARNs of IAM policies to attach to IAM role"
+  type        = list(string)
+  default     = []
+}