Merge pull request #44 from sundeepkovo/adding-configurable-groups

NO-TICKET Allow user group to be configurable.

README.md

@@ -48,6 +48,7 @@ string | `quay.io/turner/turner-defaultbackend:0.2.0` | no |
 | tags | Tags for the infrastructure | map | - | yes |
 | datadog_tags | Tags for datadog agent container. <sup>(1)</sup> Please add `team:team-name` to datadog tags | string | - | yes<sup>(1)</sup> |
 | vpc | The VPC to use for the Fargate cluster | string | - | yes |
+| additional_user_groups | Any additional groups the user should belong to that's used for deploying your fargate app. | list(string) | [] | no |
 | enable_datadog_log_forwarding| Should enable data dog log forwarding. datadog_api_key_from must also be set for this to be enabled. You may need to modify task_memory, task_cpu, container_memory, container_cpu to account for this new container being added. | bool | false | no
 ## Outputs
 

cicd.tf

@@ -1,6 +1,10 @@
 # create ci/cd user with access keys (for build system)
 variable "ecr_repository_arn" {}
 
+variable "additional_user_groups" {
+  default = []
+}
+
 resource "aws_iam_user" "cicd" {
   name = "srv_${var.app}_${var.environment}_cicd"
 }
@@ -9,14 +13,10 @@ resource "aws_iam_group" "cicd" {
   name = "srv_${var.app}_${var.environment}_cicd"
 }
 
-resource "aws_iam_group_membership" "cicd" {
-  name = "srv_${var.app}_${var.environment}_cicd_group_membership"
-
-  users = [
-    aws_iam_user.cicd.name
-  ]
+resource "aws_iam_user_group_membership" "cicd" {
+  user = aws_iam_user.cicd.name
 
-  group = aws_iam_group.cicd.name
+  groups = concat([aws_iam_group.cicd.name], var.additional_user_groups)
 }
 
 # grant required permissions to deploy