Adding ability to add additional principal to trusted policy

aws-ia · Jun 4, 2024 · b26b1a9 · b26b1a9
1 parent 9af80d7
commit b26b1a9
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/data.tf b/data.tf
@@ -38,6 +38,13 @@ data "aws_iam_policy_document" "mwaa_assume" {
       type        = "Service"
       identifiers = ["s3.amazonaws.com"]
     }
+    dynamic "principals" {
+      for_each = var.additional_principal_arns
+      content {
+        type        = "AWS"
+        identifiers = [principals.value]
+      }
+    }
   }
 }
 #tfsec:ignore:AWS099

diff --git a/variables.tf b/variables.tf
@@ -157,6 +157,12 @@ variable "iam_role_name" {
   default     = null
 }
 
+variable "additional_principal_arns" {
+  description = "List of additional AWS principal ARNs"
+  type        = list(string)
+  default     = []
+}
+
 variable "iam_role_permissions_boundary" {
   description = "IAM role Permission boundary"
   type        = string