[+] policy_arn_attachments option added

g31s · Feb 4, 2022 · 76662fa · 76662fa
1 parent 4a959c5
commit 76662fa
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -53,6 +53,7 @@ More examples: [Examples](./examples/)
 | max_app_count               |       N     |      10   |   number  |       -   | 100 |
 | extra_ports 	              | 	   	N 		| 	    []	 	|  list(string)	| Open extra port in task definition	 	|	["443","542"] |
 | secrets 	              	  | 	   	N 		| 	    []	 	|  list(object) | Will add IAM permissions and secrets to task definition |	[aws_secretsmanager_secret.main.usernamer,aws_secretsmanager_secret.main.password]|
+| policy_arn_attachments      |     N       |       []    | list(string)   | can provide addition policies arns to be attached to ecs roles | [arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole] |
 | aws_appmesh_virtual_node 	  | 	   	N 		| 	  "none"	|	  string 	| virtual node or virtual gateway must be present|aws_appmesh_virtual_node.main.name |
 | virtual_gateway             | 	   	N 		| 	  "none"	|	  string 	| virtual node or virtual gateway must be present|"test_virtual_gateway" |
 | envoy_proxy_image           | 	   	N 		|"840364872350.dkr.ecr.us-east-1.amazonaws.com/aws-appmesh-envoy:v1.15.1.0-prod"|string|work for all regions except: me-south-1, ap-east-1, and eu-south-1  |me-south-1 : "772975370895.dkr.ecr.me-south-1.amazonaws.com/aws-appmesh-envoy:v1.15.1.0-prod" |

diff --git a/roles.tf b/roles.tf
@@ -1,6 +1,6 @@
 /*
 Module: ECS-Fargate-Appmesh
-Version: 1.0.0
+Version: 1.2.7
 
 This file will create:
   - IAM policy: to allow ecs tasks to assume role
@@ -55,4 +55,11 @@ resource "aws_iam_role_policy_attachment" "sm-policy-attach" {
   count      = length(var.secrets) == 0 ? 0 : 1
   role       = aws_iam_role.ecs_task_execution_role.name
   policy_arn = "arn:aws:iam::aws:policy/SecretsManagerReadWrite"
-}
+}
+
+// add module provided policies
+resource "aws_iam_role_policy_attachment" "module-provided-policies" {
+  count      = length(var.policy_arn_attachments) == 0 ? 0 : length(var.policy_arn_attachments)
+  role       = aws_iam_role.ecs_task_execution_role.name
+  policy_arn = count.index
+}
diff --git a/variables.tf b/variables.tf
@@ -1,6 +1,6 @@
 /*
 Module: ECS-Fargate-APPMESH
-Version: 1.0.0
+Version: 1.2.7
 
 This file defines all the variables for this module.
 Variables are divided into two sections:
@@ -55,7 +55,13 @@ variable "vpc" {
 variable "prefix" {
   type        = string
   description = "project prefix added to all resources created"
-  default = "EFA"
+  default     = "EFA"
+}
+
+variable "policy_arn_attachments" {
+  type        = list(string)
+  description = "list of  policies that needs to be attached"
+  default     = []
 }
 
 // app variables