feat: Added path parameter for aws_iam_policy resources (#127)

maartenvanderhoef · web-flow · commit f10f6a421c4e · 2024-07-04T07:10:13.000+03:00
diff --git a/README.md b/README.md
@@ -515,6 +515,7 @@ No modules.
 | <a name="input_policy"></a> [policy](#input\_policy) | An additional policy document ARN to attach to IAM role | `string` | `null` | no |
 | <a name="input_policy_json"></a> [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to IAM role | `string` | `null` | no |
 | <a name="input_policy_jsons"></a> [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to IAM role | `list(string)` | `[]` | no |
+| <a name="input_policy_path"></a> [policy\_path](#input\_policy\_path) | Path of IAM policy to use for EventBridge | `string` | `null` | no |
 | <a name="input_policy_statements"></a> [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to IAM role | `any` | `{}` | no |
 | <a name="input_role_description"></a> [role\_description](#input\_role\_description) | Description of IAM role to use for EventBridge | `string` | `null` | no |
 | <a name="input_role_force_detach_policies"></a> [role\_force\_detach\_policies](#input\_role\_force\_detach\_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no |
diff --git a/iam.tf b/iam.tf
@@ -58,6 +58,7 @@ resource "aws_iam_policy" "tracing" {
 
   name   = "${local.role_name}-tracing"
   policy = data.aws_iam_policy.tracing[0].policy
+  path   = var.policy_path
 
   tags = merge({ Name = "${local.role_name}-tracing" }, var.tags)
 }
@@ -90,6 +91,7 @@ resource "aws_iam_policy" "kinesis" {
 
   name   = "${local.role_name}-kinesis"
   policy = data.aws_iam_policy_document.kinesis[0].json
+  path   = var.policy_path
 
   tags = merge({ Name = "${local.role_name}-kinesis" }, var.tags)
 }
@@ -122,6 +124,7 @@ resource "aws_iam_policy" "kinesis_firehose" {
 
   name   = "${local.role_name}-kinesis-firehose"
   policy = data.aws_iam_policy_document.kinesis_firehose[0].json
+  path   = var.policy_path
 
   tags = merge({ Name = "${local.role_name}-kinesis-firehose" }, var.tags)
 }
@@ -158,6 +161,7 @@ resource "aws_iam_policy" "sqs" {
 
   name   = "${local.role_name}-sqs"
   policy = data.aws_iam_policy_document.sqs[0].json
+  path   = var.policy_path
 
   tags = merge({ Name = "${local.role_name}-sqs" }, var.tags)
 }
@@ -203,6 +207,7 @@ resource "aws_iam_policy" "sns" {
 
   name   = "${local.role_name}-sns"
   policy = data.aws_iam_policy_document.sns[0].json
+  path   = var.policy_path
 
   tags = merge({ Name = "${local.role_name}-sns" }, var.tags)
 }
@@ -242,6 +247,7 @@ resource "aws_iam_policy" "ecs" {
 
   name   = "${local.role_name}-ecs"
   policy = data.aws_iam_policy_document.ecs[0].json
+  path   = var.policy_path
 
   tags = merge({ Name = "${local.role_name}-ecs" }, var.tags)
 }
@@ -274,6 +280,7 @@ resource "aws_iam_policy" "lambda" {
 
   name   = "${local.role_name}-lambda"
   policy = data.aws_iam_policy_document.lambda[0].json
+  path   = var.policy_path
 
   tags = merge({ Name = "${local.role_name}-lambda" }, var.tags)
 }
@@ -306,6 +313,7 @@ resource "aws_iam_policy" "sfn" {
 
   name   = "${local.role_name}-sfn"
   policy = data.aws_iam_policy_document.sfn[0].json
+  path   = var.policy_path
 
   tags = merge({ Name = "${local.role_name}-sfn" }, var.tags)
 }
@@ -338,6 +346,7 @@ resource "aws_iam_policy" "api_destination" {
 
   name   = "${local.role_name}-api-destination"
   policy = data.aws_iam_policy_document.api_destination[0].json
+  path   = var.policy_path
 
   tags = merge({ Name = "${local.role_name}-api-destination" }, var.tags)
 }
@@ -374,6 +383,7 @@ resource "aws_iam_policy" "cloudwatch" {
 
   name   = "${local.role_name}-cloudwatch"
   policy = data.aws_iam_policy_document.cloudwatch[0].json
+  path   = var.policy_path
 
   tags = merge({ Name = "${local.role_name}-cloudwatch" }, var.tags)
 }
@@ -417,6 +427,7 @@ resource "aws_iam_policy" "additional_jsons" {
 
   name   = "${local.role_name}-${count.index}"
   policy = var.policy_jsons[count.index]
+  path   = var.policy_path
 
   tags = merge({ Name = "${local.role_name}-${count.index}" }, var.tags)
 }
@@ -502,6 +513,7 @@ resource "aws_iam_policy" "additional_inline" {
 
   name   = "${local.role_name}-inline"
   policy = data.aws_iam_policy_document.additional_inline[0].json
+  path   = var.policy_path
 
   tags = merge({ Name = "${local.role_name}-inline" }, var.tags)
 }
diff --git a/variables.tf b/variables.tf
@@ -220,6 +220,12 @@ variable "role_path" {
   default     = null
 }
 
+variable "policy_path" {
+  description = "Path of IAM policy to use for EventBridge"
+  type        = string
+  default     = null
+}
+
 variable "role_force_detach_policies" {
   description = "Specifies to force detaching any policies the IAM role has before destroying it."
   type        = bool

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,7 @@ resource "aws_iam_policy" "tracing" {`
`58`	`58`
`59`	`59`	`name = "${local.role_name}-tracing"`
`60`	`60`	`policy = data.aws_iam_policy.tracing[0].policy`
	`61`	`+ path = var.policy_path`
`61`	`62`
`62`	`63`	`tags = merge({ Name = "${local.role_name}-tracing" }, var.tags)`
`63`	`64`	`}`
`@@ -90,6 +91,7 @@ resource "aws_iam_policy" "kinesis" {`
`90`	`91`
`91`	`92`	`name = "${local.role_name}-kinesis"`
`92`	`93`	`policy = data.aws_iam_policy_document.kinesis[0].json`
	`94`	`+ path = var.policy_path`
`93`	`95`
`94`	`96`	`tags = merge({ Name = "${local.role_name}-kinesis" }, var.tags)`
`95`	`97`	`}`
`@@ -122,6 +124,7 @@ resource "aws_iam_policy" "kinesis_firehose" {`
`122`	`124`
`123`	`125`	`name = "${local.role_name}-kinesis-firehose"`
`124`	`126`	`policy = data.aws_iam_policy_document.kinesis_firehose[0].json`
	`127`	`+ path = var.policy_path`
`125`	`128`
`126`	`129`	`tags = merge({ Name = "${local.role_name}-kinesis-firehose" }, var.tags)`
`127`	`130`	`}`
`@@ -158,6 +161,7 @@ resource "aws_iam_policy" "sqs" {`
`158`	`161`
`159`	`162`	`name = "${local.role_name}-sqs"`
`160`	`163`	`policy = data.aws_iam_policy_document.sqs[0].json`
	`164`	`+ path = var.policy_path`
`161`	`165`
`162`	`166`	`tags = merge({ Name = "${local.role_name}-sqs" }, var.tags)`
`163`	`167`	`}`
`@@ -203,6 +207,7 @@ resource "aws_iam_policy" "sns" {`
`203`	`207`
`204`	`208`	`name = "${local.role_name}-sns"`
`205`	`209`	`policy = data.aws_iam_policy_document.sns[0].json`
	`210`	`+ path = var.policy_path`
`206`	`211`
`207`	`212`	`tags = merge({ Name = "${local.role_name}-sns" }, var.tags)`
`208`	`213`	`}`
`@@ -242,6 +247,7 @@ resource "aws_iam_policy" "ecs" {`
`242`	`247`
`243`	`248`	`name = "${local.role_name}-ecs"`
`244`	`249`	`policy = data.aws_iam_policy_document.ecs[0].json`
	`250`	`+ path = var.policy_path`
`245`	`251`
`246`	`252`	`tags = merge({ Name = "${local.role_name}-ecs" }, var.tags)`
`247`	`253`	`}`
`@@ -274,6 +280,7 @@ resource "aws_iam_policy" "lambda" {`
`274`	`280`
`275`	`281`	`name = "${local.role_name}-lambda"`
`276`	`282`	`policy = data.aws_iam_policy_document.lambda[0].json`
	`283`	`+ path = var.policy_path`
`277`	`284`
`278`	`285`	`tags = merge({ Name = "${local.role_name}-lambda" }, var.tags)`
`279`	`286`	`}`
`@@ -306,6 +313,7 @@ resource "aws_iam_policy" "sfn" {`
`306`	`313`
`307`	`314`	`name = "${local.role_name}-sfn"`
`308`	`315`	`policy = data.aws_iam_policy_document.sfn[0].json`
	`316`	`+ path = var.policy_path`
`309`	`317`
`310`	`318`	`tags = merge({ Name = "${local.role_name}-sfn" }, var.tags)`
`311`	`319`	`}`
`@@ -338,6 +346,7 @@ resource "aws_iam_policy" "api_destination" {`
`338`	`346`
`339`	`347`	`name = "${local.role_name}-api-destination"`
`340`	`348`	`policy = data.aws_iam_policy_document.api_destination[0].json`
	`349`	`+ path = var.policy_path`
`341`	`350`
`342`	`351`	`tags = merge({ Name = "${local.role_name}-api-destination" }, var.tags)`
`343`	`352`	`}`
`@@ -374,6 +383,7 @@ resource "aws_iam_policy" "cloudwatch" {`
`374`	`383`
`375`	`384`	`name = "${local.role_name}-cloudwatch"`
`376`	`385`	`policy = data.aws_iam_policy_document.cloudwatch[0].json`
	`386`	`+ path = var.policy_path`
`377`	`387`
`378`	`388`	`tags = merge({ Name = "${local.role_name}-cloudwatch" }, var.tags)`
`379`	`389`	`}`
`@@ -417,6 +427,7 @@ resource "aws_iam_policy" "additional_jsons" {`
`417`	`427`
`418`	`428`	`name = "${local.role_name}-${count.index}"`
`419`	`429`	`policy = var.policy_jsons[count.index]`
	`430`	`+ path = var.policy_path`
`420`	`431`
`421`	`432`	`tags = merge({ Name = "${local.role_name}-${count.index}" }, var.tags)`
`422`	`433`	`}`
`@@ -502,6 +513,7 @@ resource "aws_iam_policy" "additional_inline" {`
`502`	`513`
`503`	`514`	`name = "${local.role_name}-inline"`
`504`	`515`	`policy = data.aws_iam_policy_document.additional_inline[0].json`
	`516`	`+ path = var.policy_path`
`505`	`517`
`506`	`518`	`tags = merge({ Name = "${local.role_name}-inline" }, var.tags)`
`507`	`519`	`}`