Feature/add iam role name prefix

README.md

@@ -14,7 +14,7 @@ A Terraform module that creates an IAM role.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.78.0 |
 
 ## Modules
 
@@ -33,12 +33,13 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_name"></a> [name](#input\_name) | The name of the role | `string` | n/a | yes |
 | <a name="input_assume_policy"></a> [assume\_policy](#input\_assume\_policy) | The assume policy to attach to the role | `string` | `null` | no |
 | <a name="input_create_policy"></a> [create\_policy](#input\_create\_policy) | Overrule whether the IAM role policy has to be created | `bool` | `null` | no |
 | <a name="input_description"></a> [description](#input\_description) | The description of the role | `string` | `null` | no |
 | <a name="input_force_detach_policies"></a> [force\_detach\_policies](#input\_force\_detach\_policies) | Force detaching any policies the role has before destroying it | `bool` | `false` | no |
 | <a name="input_max_session_duration"></a> [max\_session\_duration](#input\_max\_session\_duration) | The maximum session duration (in seconds) for the role | `number` | `3600` | no |
+| <a name="input_name"></a> [name](#input\_name) | The name of the role.  Conflicts with `name_prefix`. | `string` | `null` | no |
+| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | Creates a unique role and policy name beginning with the specified prefix. Conflicts with `name`. | `string` | `null` | no |
 | <a name="input_path"></a> [path](#input\_path) | Path to the role | `string` | `"/"` | no |
 | <a name="input_permissions_boundary"></a> [permissions\_boundary](#input\_permissions\_boundary) | The permissions boundary to set on the role | `string` | `null` | no |
 | <a name="input_policy_arns"></a> [policy\_arns](#input\_policy\_arns) | A set of policy ARNs to attach to the user | `set(string)` | `[]` | no |
@@ -56,4 +57,4 @@ No modules.
 | <a name="output_id"></a> [id](#output\_id) | ID of the role |
 | <a name="output_name"></a> [name](#output\_name) | The name of the role |
 | <a name="output_unique_id"></a> [unique\_id](#output\_unique\_id) | Unique ID of the role |
-<!-- END_TF_DOCS -->
+<!-- END_TF_DOCS -->

main.tf

@@ -17,6 +17,7 @@ data "aws_iam_policy_document" "default" {
 
 resource "aws_iam_role" "default" {
   name                  = "${var.name}${var.postfix ? "Role" : ""}"
+  name_prefix           = var.name_prefix
   assume_role_policy    = local.assume_policy
   description           = var.description
   force_detach_policies = var.force_detach_policies
@@ -29,9 +30,10 @@ resource "aws_iam_role" "default" {
 resource "aws_iam_role_policy" "default" {
   count = local.create_policy ? 1 : 0
 
-  name   = "${var.name}${var.postfix ? "Policy" : ""}"
-  role   = aws_iam_role.default.id
-  policy = var.role_policy
+  name        = "${var.name}${var.postfix ? "Policy" : ""}"
+  name_prefix = var.name_prefix
+  role        = aws_iam_role.default.id
+  policy      = var.role_policy
 }
 
 resource "aws_iam_role_policy_attachment" "default" {

variables.tf

@@ -1,6 +1,23 @@
 variable "name" {
   type        = string
-  description = "The name of the role"
+  default     = null
+  description = "The name of the role.  Conflicts with `name_prefix`."
+
+  validation {
+    condition     = var.name != null ? length(var.name) <= 63 : true
+    error_message = "The name must be less than or equal to 63 characters in length"
+  }
+}
+
+variable "name_prefix" {
+  type        = string
+  default     = null
+  description = "Creates a unique role and policy name beginning with the specified prefix. Conflicts with `name`."
+
+  validation {
+    condition     = var.name_prefix != null ? length(var.name_prefix) <= 37 : true
+    error_message = "The name prefix must be less than or equal to 37 characters in length"
+  }
 }
 
 variable "assume_policy" {