-
-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: allow passing in a permissions boundary #115
base: main
Are you sure you want to change the base?
Conversation
variables.tf
Outdated
|
||
variable "permissions_boundary" { | ||
type = string | ||
default = "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this default to null instead?
default = "" | |
default = null |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please regenerate the docs
I believe you can run
make init
# one of the below should work
make docker/readme
make readme
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
main.tf
Outdated
@@ -137,6 +137,8 @@ module "cloudwatch_log" { | |||
|
|||
retention_in_days = var.retention_in_days | |||
|
|||
permissions_boundary = var.permissions_boundary |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you think of prefixing the inlut with logging_
so it's flear the perm boundary is for the cloudwatch logging module's resources ?
permissions_boundary = var.permissions_boundary | |
permissions_boundary = var.logging_permissions_boundary |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good call. made this change
variables.tf
Outdated
@@ -200,3 +200,9 @@ variable "transport_protocol" { | |||
error_message = "Invalid protocol type must be one of: udp, tcp." | |||
} | |||
} | |||
|
|||
variable "permissions_boundary" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Related to https://github.com/cloudposse/terraform-aws-ec2-client-vpn/pull/115/files#r1853814788
variable "permissions_boundary" { | |
variable "logging_permissions_boundary" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
what
Allows a permissions_boundary to be passed in to this module.
why
The cloudwatch logs module being referenced in this module creates an IAM role. Currently there is no way to set a permissions boundary for this role (which make's it impossible to use this module in an environment that requires permission boundaries). This PR allows a boundary to be set and then passed into the sub module that contains IAM resources.
references