Merge pull request #34 from SamuZad/main
Fix iam_role_additional_policies
vara-bonthu authored Jun 19, 2023
2 parents 24fc98c + d012ae5 commit d5b685b
Showing 4 changed files with 11 additions and 6 deletions.
9 changes: 7 additions & 2 deletions README.md
Expand Up @@ -29,12 +29,17 @@ module "mwaa" {
environment_class = "mw1.medium"
vpc_id = "<ENTER_VPC_ID>"
private_subnet_ids = ["<ENTER_SIBNET_ID1>","<ENTER_SIBNET_ID2>"]
private_subnet_ids = ["<ENTER_SUBNET_ID1>","<ENTER_SUBNET_ID2>"]
min_workers = 1
max_workers = 25
webserver_access_mode = "PUBLIC_ONLY" # Default PRIVATE_ONLY for production environments
input_iam_role_additional_policies = {
"additional-policy-1" = "<ENTER_POLICY_ARN1>"
"additional-policy-2" = "<ENTER_POLICY_ARN2>"
}
logging_configuration = {
dag_processing_logs = {
enabled = true
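Review bot: The added example block names the argument `input_iam_role_additional_policies`, but the variable declared in variables.tf is `iam_role_additional_policies`; `input_` is only the anchor prefix used in the inputs table. Anyone copying this snippet will hit an unsupported argument error, so the line should read `iam_role_additional_policies = {`.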
Expand Down Expand Up @@ -134,7 +139,7 @@ No modules.
| <a name="input_environment_class"></a> [environment\_class](#input\_environment\_class) | (Optional) Environment class for the cluster. Possible options are mw1.small, mw1.medium, mw1.large.<br>Will be set by default to mw1.small. Please check the AWS Pricing for more information about the environment classes. | `string` | `"mw1.small"` | no |
| <a name="input_execution_role_arn"></a> [execution\_role\_arn](#input\_execution\_role\_arn) | (Required) The Amazon Resource Name (ARN) of the task execution role that the Amazon MWAA and its environment can assume<br>Mandatory if `create_iam_role=false` | `string` | `null` | no |
| <a name="input_force_detach_policies"></a> [force\_detach\_policies](#input\_force\_detach\_policies) | IAM role Force detach policies | `bool` | `false` | no |
| <a name="input_iam_role_additional_policies"></a> [iam\_role\_additional\_policies](#input\_iam\_role\_additional\_policies) | Additional policies to be added to the IAM role | `list(string)` | `[]` | no |
| <a name="input_iam_role_additional_policies"></a> [iam\_role\_additional\_policies](#input\_iam\_role\_additional\_policies) | A map of additional policy ARNs to be added to the IAM role, with an arbitary key name | `map(string)` | `{}` | no |
| <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | IAM Role Name to be created if execution\_role\_arn is null | `string` | `null` | no |
| <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | IAM role path | `string` | `"/"` | no |
| <a name="input_iam_role_permissions_boundary"></a> [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | IAM role Permission boundary | `string` | `null` | no |
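Review bot: The new description on the `iam_role_additional_policies` row misspells "arbitrary" as "arbitary". While correcting it, consider stating that the key is only a label for the attachment and the value is the policy ARN, since main.tf now reads `each.value`.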
2 changes: 1 addition & 1 deletion locals.tf
Expand Up @@ -11,5 +11,5 @@ locals {

airflow_configuration_options = merge(local.default_airflow_configuration_options, var.airflow_configuration_options)

iam_role_additional_policies = { for k, v in toset(concat([var.iam_role_additional_policies])) : k => v if var.execution_role_arn != null }
iam_role_additional_policies = { for k, v in var.iam_role_additional_policies : k => v if var.create_iam_role }
}
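Review bot: With the filter on the new `iam_role_additional_policies` line set to `if var.create_iam_role`, a caller who sets `create_iam_role = false` and still passes additional policies gets an empty map and no attachments, with no error or warning. Either document on the variable that the input is ignored in that case, or add a check that fails the plan, so nobody assumes the policies were attached to an externally supplied execution role.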
2 changes: 1 addition & 1 deletion main.tf
Expand Up @@ -93,7 +93,7 @@ resource "aws_iam_role_policy" "mwaa" {

resource "aws_iam_role_policy_attachment" "mwaa" {
for_each = local.iam_role_additional_policies
policy_arn = each.key
policy_arn = each.value
role = aws_iam_role.mwaa[0].id
}

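Review bot: The unchanged line `role = aws_iam_role.mwaa[0].id` only resolves when the role resource has an instance, and the `for_each` map above it is now gated on `var.create_iam_role` in locals.tf. The `count` on `aws_iam_role.mwaa` is not part of this diff, so please confirm it uses the same condition; if the two ever diverge, the plan fails with an invalid index on this resource.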
4 changes: 2 additions & 2 deletions variables.tf
Expand Up @@ -171,8 +171,8 @@ variable "force_detach_policies" {

variable "iam_role_additional_policies" {
description = "Additional policies to be added to the IAM role"
type = list(string)
default = []
type = map(string)
default = {}
}

variable "iam_role_path" {
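Review bot: The `description` line above the changed `type` still reads "Additional policies to be added to the IAM role", while the README row in this same commit now describes a map of policy ARNs; update the description here so the two agree. Changing `list(string)` to `map(string)` also breaks any caller that passes a list today, which deserves an upgrade note, and a `validation` block rejecting values that do not look like IAM policy ARNs would catch a swapped key and value at plan time.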