From 0afc129cd0415fc8f4fe5b132d4e7e4be64e6a04 Mon Sep 17 00:00:00 2001
From: Hunter Morgan
Date: Thu, 15 Aug 2024 11:09:15 -0400
Subject: [PATCH] add role name suffix
---
 README.md | 1 +
 iam.tf | 4 ++--
 variables.tf | 6 ++++++
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 0f97587..87b23b7 100644
--- a/README.md
+++ b/README.md
@@ -211,6 +211,7 @@ No modules.
 | [resolver\_caching\_ttl](#input\_resolver\_caching\_ttl) | Default caching TTL for resolvers when caching is enabled | `number` | `60` | no |
 | [resolver\_count\_limit](#input\_resolver\_count\_limit) | The maximum number of resolvers that can be invoked in a single request. | `number` | `null` | no |
 | [resolvers](#input\_resolvers) | Map of resolvers to create | `any` | `{}` | no |
+| [role\_suffix](#input\_role\_suffix) | Suffix to append to generated role names | `string` | `""` | no |
 | [schema](#input\_schema) | The schema definition, in GraphQL schema language format. Terraform cannot perform drift detection of this configuration. | `string` | `""` | no |
 | [secrets\_manager\_allowed\_actions](#input\_secrets\_manager\_allowed\_actions) | List of allowed IAM actions for secrets manager datasources type RELATIONAL\_DATABASE | `list(string)` |
[
"secretsmanager:GetSecretValue"
]
| no |
 | [tags](#input\_tags) | Map of tags to add to all GraphQL resources created by this module | `map(string)` | `{}` | no |
diff --git a/iam.tf b/iam.tf
index f53bd86..90ebf50 100644
--- a/iam.tf
+++ b/iam.tf
@@ -108,7 +108,7 @@ data "aws_iam_policy_document" "assume_role" {
 resource "aws_iam_role" "logs" {
 count = var.logging_enabled && var.create_logs_role ? 1 : 0
- name = coalesce(var.logs_role_name, "${var.name}-logs")
+ name = "${coalesce(var.logs_role_name, "${var.name}-logs")}${var.role_suffix}"
 assume_role_policy = data.aws_iam_policy_document.assume_role.json
 permissions_boundary = var.iam_permissions_boundary
@@ -126,7 +126,7 @@ resource "aws_iam_role_policy_attachment" "logs" {
 resource "aws_iam_role" "service_role" {
 for_each = local.service_roles_with_specific_policies
- name = lookup(each.value, "service_role_name", "${each.key}-role")
+ name = "${lookup(each.value, "service_role_name", "${each.key}-role")}${var.role_suffix}"
 permissions_boundary = var.iam_permissions_boundary
 assume_role_policy = data.aws_iam_policy_document.assume_role.json
 }
diff --git a/variables.tf b/variables.tf
index 801225f..5dc9a4c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -338,3 +338,9 @@ variable "resolver_count_limit" {
 type = number
 default = null
 }
+
+variable "role_suffix" {
+ description = "value to append to the role name"
+ type = string
+ default = ""
+}
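Review bot: In `aws_iam_role.logs` the suffix is concatenated outside the `coalesce`, so it is also appended to an explicitly supplied `logs_role_name`, while the README row added by this patch describes it as applying to generated role names; the `service_role` hunk below does the same with `service_role_name`. A caller who pins an exact role name, for instance because an IAM policy or trust relationship elsewhere refers to it, would silently get a different name once `role_suffix` is set. If only the defaults are meant to change, move the suffix into the fallback: `name = coalesce(var.logs_role_name, "${var.name}-logs${var.role_suffix}")` and `name = lookup(each.value, "service_role_name", "${each.key}-role${var.role_suffix}")`. The body of the `logs` resource continues outside its hunk.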
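Review bot: `role_suffix` is accepted without validation although it ends up in `aws_iam_role.name`, where IAM allows only letters, digits and `+=,.@_-` and caps the whole name at 64 characters. A bad suffix is reported, at best, against the concatenated role name by the provider or the IAM API rather than against this input, so a `validation` block on the variable would give an earlier and clearer error. The combined length depends on other inputs and is probably better stated in the description than checked here. The description also differs from the README row added in this patch ("Suffix to append to generated role names"), so one of the two should be aligned.

```hcl
variable "role_suffix" {
  # … unchanged: description, type, default …

  validation {
    condition     = can(regex("^[A-Za-z0-9+=,.@_-]*$", var.role_suffix))
    error_message = "The role_suffix value may contain only characters valid in an IAM role name: letters, digits and +=,.@_-."
  }
}
```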