Commit cddcf93

rgrund-inform and antonbabenko authored
feat: Add optional policy_path variable used for policy definitions (#60)
Co-authored-by: Anton Babenko <anton@antonbabenko.com>
1 parent ef27130 commit cddcf93

3 files changed: +12 -0 lines changed


‎README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -200,6 +200,7 @@ No modules.
200200
| <a name="input_policy"></a> [policy](#input\_policy) | An additional policy document ARN to attach to IAM role | `string` | `null` | no |
201201
| <a name="input_policy_json"></a> [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to IAM role | `string` | `null` | no |
202202
| <a name="input_policy_jsons"></a> [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to IAM role | `list(string)` | `[]` | no |
203+
| <a name="input_policy_path"></a> [policy\_path](#input\_policy\_path) | Path of IAM policies to use for Step Function | `string` | `null` | no |
203204
| <a name="input_policy_statements"></a> [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to IAM role | `any` | `{}` | no |
204205
| <a name="input_publish"></a> [publish](#input\_publish) | Determines whether to set a version of the state machine when it is created. | `bool` | `false` | no |
205206
| <a name="input_role_arn"></a> [role\_arn](#input\_role\_arn) | The Amazon Resource Name (ARN) of the IAM role to use for this Step Function | `string` | `""` | no |
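
Review bot: The description on the new `policy_path` row, "Path of IAM policies to use for Step Function", does not say which policies it affects. Judging by the main.tf hunks it is applied only to the `aws_iam_policy` resources this module creates, not to a policy passed in by ARN through `policy`. Suggest wording such as "Path under which IAM policies created by this module are placed", so readers do not expect it to relocate or select externally managed policies.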

‎main.tf

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -116,6 +116,7 @@ resource "aws_iam_policy" "service" {
116116
for_each = { for k, v in var.service_integrations : k => v if local.create_role && var.attach_policies_for_integrations }
117117

118118
name = "${local.role_name}-${each.key}"
119+
path = var.policy_path
119120
policy = data.aws_iam_policy_document.service[each.key].json
120121
tags = var.tags
121122
}
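
Review bot: `path = var.policy_path` in `aws_iam_policy.service` makes the path a caller-controlled part of each policy's ARN, and nothing in this commit documents what happens when the value is set or changed on an existing deployment. Because the path is part of the ARN, that cannot be an in-place update. Please note in the README or changelog that changing `policy_path` later replaces the module-created policies, so anyone who references those ARNs elsewhere can plan for it.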
@@ -137,6 +138,7 @@ resource "aws_iam_policy" "additional_json" {
137138
count = local.create_role && var.attach_policy_json ? 1 : 0
138139

139140
name = local.role_name
141+
path = var.policy_path
140142
policy = var.policy_json
141143
tags = var.tags
142144
}
@@ -157,6 +159,7 @@ resource "aws_iam_policy" "additional_jsons" {
157159
count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0
158160

159161
name = "${local.role_name}-${count.index}"
162+
path = var.policy_path
160163
policy = var.policy_jsons[count.index]
161164
tags = var.tags
162165
}
@@ -241,6 +244,7 @@ resource "aws_iam_policy" "additional_inline" {
241244
count = local.create_role && var.attach_policy_statements ? 1 : 0
242245

243246
name = "${local.role_name}-inline"
247+
path = var.policy_path
244248
policy = data.aws_iam_policy_document.additional_inline[0].json
245249
tags = var.tags
246250
}
@@ -283,6 +287,7 @@ resource "aws_iam_policy" "logs" {
283287
count = local.create_role && local.enable_logging && var.attach_cloudwatch_logs_policy ? 1 : 0
284288

285289
name = "${local.role_name}-logs"
290+
path = var.policy_path
286291
policy = data.aws_iam_policy_document.logs[0].json
287292
tags = var.tags
288293
}
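
Review bot: With `aws_iam_policy.logs` this makes five policy resources that receive `path = var.policy_path`, but the visible hunks do not show whether main.tf declares any other `aws_iam_policy`. Please confirm none is left on the default path: a deployment that relies on path-based IAM scoping would otherwise end up with one policy outside the expected prefix.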

‎variables.tf

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -246,6 +246,12 @@ variable "policy" {
246246
default = null
247247
}
248248

249+
variable "policy_path" {
250+
description = "Path of IAM policies to use for Step Function"
251+
type = string
252+
default = null
253+
}
254+
249255
variable "policies" {
250256
description = "List of policy statements ARN to attach to IAM role"
251257
type = list(string)
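
Review bot: `variable "policy_path"` is declared as a bare `string` with `default = null` and no `validation` block, so a malformed value is only rejected by the IAM API at apply time. IAM paths must begin and end with `/`; a validation rule that accepts `null` and otherwise checks that shape would fail at plan time with a clear message, and the description could state the expected format. The commit also touches only README.md, main.tf and variables.tf, so no example exercises the new input.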
