Add extra permissions
psychomantys committed Oct 22, 2024
1 parent f9b0f19 commit 1f82961
Showing 4 changed files with 35 additions and 2 deletions.
9 changes: 9 additions & 0 deletions _data.tf
Expand Up @@ -51,4 +51,13 @@ data "aws_iam_policy_document" "allow_read_write" {
}
}

data "aws_iam_policy_document" "extra_custom_policy" {
count = var.create && (var.create_iam_user || length(var.create_iam_eks_role) > 0) ? 1 : 0

statement = try(
var.extra_custom_policy,
[]
)
}

data "aws_canonical_user_id" "current" {}
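Review bot: The `count` on `extra_custom_policy` creates the document whenever the IAM user or an EKS role exists, even when `var.extra_custom_policy` is left at its `[]` default, so `aws_iam_policy.extra_custom_policy` in iam.tf is then rendered with no statements; IAM appears to reject a policy document with an empty Statement list, which would break every existing caller that does not set the new variable — worth confirming before merging. Gating on content, `count = var.create && length(var.extra_custom_policy) > 0 && (var.create_iam_user || length(var.create_iam_eks_role) > 0) ? 1 : 0`, avoids that, and the two resources in iam.tf need the same condition so their `[0]` index stays valid. The `try(var.extra_custom_policy, [])` adds nothing here, since the variable always exists and already defaults to `[]`, and it does not catch a malformed value. `statement` is a nested block of this data source, so if the provider does not accept it as a plain attribute a `dynamic "statement"` block over the variable is the portable form.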
5 changes: 5 additions & 0 deletions _variables.tf
Expand Up @@ -79,6 +79,11 @@ variable "create_iam_eks_role" {
default = {}
}

variable "extra_custom_policy" {
type = any
default = []
}

variable "cors_rules" {
#type = list(any)
default = [
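Review bot: `extra_custom_policy` is declared as `type = any` with no `description`, so nothing tells a caller what shape is expected or that its content becomes IAM permissions attached to the bucket user and the EKS role. Add `description = "Extra IAM policy statements (same shape as aws_iam_policy_document statement blocks) attached to the bucket user and EKS role in addition to the read-write policy; keep actions and resources scoped to this bucket."` A `validation` block checking that each entry carries `actions` and `resources` would catch mis-shaped input at plan time instead of at apply time, assuming the entries mirror the `statement` block attributes.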
6 changes: 4 additions & 2 deletions eks.tf
Expand Up @@ -5,7 +5,9 @@ module "iam_eks_role" {

role_name = var.bucket_name
cluster_service_accounts = var.create_iam_eks_role
role_policy_arns = {
role_policy_arns = merge({
for idx, policy in aws_iam_policy.bucket_rw : aws_iam_policy.bucket_rw[idx].name => aws_iam_policy.bucket_rw[idx].arn
}
},{
for idx, policy in aws_iam_policy.extra_custom_policy : aws_iam_policy.extra_custom_policy[idx].name => aws_iam_policy.extra_custom_policy[idx].arn
})
}
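Review bot: The new for-expression on the `extra_custom_policy` map (and the pre-existing one for `bucket_rw`) re-indexes the resource by `idx` instead of using the bound `policy` value; `for idx, policy in aws_iam_policy.extra_custom_policy : policy.name => policy.arn` reads the same and drops the double lookup. The extra policy is now attached to the EKS role whenever `aws_iam_policy.extra_custom_policy` exists, with no toggle separate from the IAM user attachment, which is fine if that coupling is intended but deserves a comment, e.g. `# extra_custom_policy is attached to the role whenever it is created; see iam.tf`. The `module "iam_eks_role"` block starts before this hunk.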
17 changes: 17 additions & 0 deletions iam.tf
Expand Up @@ -32,3 +32,20 @@ resource "aws_iam_policy" "bucket_rw" {

description = "Provides read-write access to the '${var.bucket_name}' S3 bucket"
}

// Extra custom policy
resource "aws_iam_user_policy_attachment" "extra_custom_policy" {
count = var.create && var.create_iam_user ? 1 : 0

user = aws_iam_user.bucket_user[0].name
policy_arn = aws_iam_policy.extra_custom_policy[0].arn
}

resource "aws_iam_policy" "extra_custom_policy" {
count = var.create && (var.create_iam_user || length(var.create_iam_eks_role) > 0) ? 1 : 0

name = "${var.bucket_name}-extra-custom-policy"
policy = data.aws_iam_policy_document.extra_custom_policy[0].json

description = "Provides extra custom policy to the '${var.bucket_name}' S3 bucket"
}
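Review bot: The policy attached through `aws_iam_user_policy_attachment.extra_custom_policy` is built entirely from caller-supplied statements with no constraint on actions or resources, yet its description and the module's naming suggest bucket-scoped access; a broad `resources` entry supplied through `extra_custom_policy` would grant the bucket user and the EKS role permissions unrelated to this bucket. Since the module cannot enforce the scope, state it where the grant happens, e.g. `// Content comes unvalidated from var.extra_custom_policy and is attached to the IAM user and the EKS role; review it for least privilege.` above `resource "aws_iam_policy" "extra_custom_policy"`. The `[0]` index in both resources relies on their `count` expressions staying in lock-step with the data source in _data.tf, which a short comment should make explicit. The description would read better as `description = "Provides extra custom permissions for the '${var.bucket_name}' S3 bucket"`.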
