From 4e9582bc1e67972c91545e14d4fc23e35c70aa10 Mon Sep 17 00:00:00 2001
From: RB <7775707+nitrocode@users.noreply.github.com>
Date: Fri, 15 Nov 2024 02:11:02 -0600
Subject: [PATCH 1/6] feat: add var.inline_policy_enabled
---
 variables.tf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index bbc1d54..d9a5696 100644
--- a/variables.tf
+++ b/variables.tf
@@ -90,7 +90,13 @@ variable "path" {
 }
 
 variable "tags_enabled" {
- type = string
+ type = bool
 description = "Enable/disable tags on IAM roles and policies"
 default = true
 }
+
+variable "inline_policy_enabled" {
+ type = bool
+ description = "Whether or not to enable an inline policy instead of a reusable managed policy"
+ default = false
+}
From ea2b4e1f9a3e0e7298779966aca1779ed3c41e5a Mon Sep 17 00:00:00 2001
From: RB <7775707+nitrocode@users.noreply.github.com>
Date: Fri, 15 Nov 2024 02:17:46 -0600
Subject: [PATCH 2/6] feat: use var to create inline policy
---
 main.tf | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/main.tf b/main.tf
index 1aa8496..4625735 100644
--- a/main.tf
+++ b/main.tf
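Review bot: The description of the new `inline_policy_enabled` variable says which kind of policy is created but not that flipping it on an existing role swaps one resource for the other, which is what the count toggles in main.tf (patch 2/6) imply: the managed policy and its attachment are destroyed and an inline role policy is created, or the reverse. Callers reading only the variable need that to plan the change, so something like `description = "Whether to attach the policy as an inline role policy instead of a reusable managed policy. Changing this on an existing role replaces one form of attachment with the other."` would be more useful. The `tags_enabled` type change in the same hunk looks correct and is not affected.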
@@ -44,13 +44,22 @@ resource "aws_iam_role" "default" {
 tags = var.tags_enabled ? module.this.tags : null
 }
 
+resource "aws_iam_role_policy" "default" {
+ count = module.this.enabled && var.policy_document_count > 0 && var.inline_policy_enabled ? 1 : 0
+
+ name = var.policy_name != "" && var.policy_name != null ? var.policy_name : module.this.id
+ role = join("", aws_iam_role.default.*.name)
+
+ policy = join("", data.aws_iam_policy_document.default.*.json)
+}
+
 data "aws_iam_policy_document" "default" {
 count = module.this.enabled && var.policy_document_count > 0 ? 1 : 0
 override_policy_documents = var.policy_documents
 }
 
 resource "aws_iam_policy" "default" {
- count = module.this.enabled && var.policy_document_count > 0 ? 1 : 0
+ count = module.this.enabled && var.policy_document_count > 0 && !var.inline_policy_enabled ? 1 : 0
 name = var.policy_name != "" && var.policy_name != null ? var.policy_name : module.this.id
 description = var.policy_description
 policy = join("", data.aws_iam_policy_document.default.*.json)
@@ -59,7 +68,7 @@ resource "aws_iam_policy" "default" {
 }
 
 resource "aws_iam_role_policy_attachment" "default" {
- count = module.this.enabled && var.policy_document_count > 0 ? 1 : 0
+ count = module.this.enabled && var.policy_document_count > 0 && !var.inline_policy_enabled ? 1 : 0
 role = join("", aws_iam_role.default.*.name)
 policy_arn = join("", aws_iam_policy.default.*.arn)
 }
From 7832cd5529423dcb03ef1fe4baa6a1fbf1e62a23 Mon Sep 17 00:00:00 2001
From: RB <7775707+nitrocode@users.noreply.github.com>
Date: Fri, 15 Nov 2024 02:19:10 -0600
Subject: [PATCH 3/6] ci: set inline to true
---
 examples/complete/fixtures.us-east-2.tfvars | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars
index 1461338..a169f06 100644
--- a/examples/complete/fixtures.us-east-2.tfvars
+++ b/examples/complete/fixtures.us-east-2.tfvars
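Review bot: Switching `inline_policy_enabled` on a role that already exists can leave the role with no permissions for part of the apply, because the new `aws_iam_role_policy.default` has no dependency on the `aws_iam_role_policy_attachment.default` and `aws_iam_policy.default` it replaces, so Terraform may destroy the attachment before, after or in parallel with creating the inline policy (and the reverse when switching back); this is worth stating in the variable description or README, and a comment on the new resource such as `# Inline variant of aws_iam_policy.default + its attachment below; exactly one form is created, chosen by var.inline_policy_enabled.` would make the pairing obvious. The `aws_iam_role.default` block whose closing lines open this hunk starts above it; if that resource declares `inline_policy` blocks (including an empty one), the provider will remove inline policies it does not manage and fight with `aws_iam_role_policy.default`, so please confirm it does not. The mutual-exclusion expression `module.this.enabled && var.policy_document_count > 0 && ...inline_policy_enabled` is now repeated in three places (here and in the second hunk); two locals, e.g. `local.inline_policy_enabled` and `local.managed_policy_enabled`, would keep them from drifting apart.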
@@ -11,3 +11,5 @@ use_fullname = true
 principals = {
 "AWS" : ["*"]
 }
+
+inline_policy_enabled = true
From 8faa995975cd405b4cd66607da8f5f642bc99e36 Mon Sep 17 00:00:00 2001
From: RB <7775707+nitrocode@users.noreply.github.com>
Date: Fri, 15 Nov 2024 02:19:54 -0600
Subject: [PATCH 4/6] ci: use var
---
 examples/complete/main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index dad8ebd..7d975a2 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -85,6 +85,7 @@ module "role" {
 policy_document_count = 2
 policy_description = "Test IAM policy"
 role_description = "Test IAM role"
+ inline_policy_enabled = var.inline_policy_enabled
 
 context = module.this.context
 }
From 3ccc327df7298275046db7a2ffba188e026281c6 Mon Sep 17 00:00:00 2001
From: RB <7775707+nitrocode@users.noreply.github.com>
Date: Fri, 15 Nov 2024 02:20:37 -0600
Subject: [PATCH 5/6] ci: copy inline var to example
---
 examples/complete/variables.tf | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index 80e93d8..8d24760 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -12,3 +12,9 @@ variable "principals" {
 type = map(list(string))
 description = "Map of service name as key and a list of ARNs to allow assuming the role as value (e.g. map(`AWS`, list(`arn:aws:iam:::role/admin`)))"
 }
+
+variable "inline_policy_enabled" {
+ type = bool
+ description = "Whether or not to enable an inline policy instead of a reusable managed policy"
+ default = false
+}
From 24b1ac9290b6dfacf6ade6f9431930c0ba010a19 Mon Sep 17 00:00:00 2001
From: RB <7775707+nitrocode@users.noreply.github.com>
Date: Fri, 22 Nov 2024 04:30:06 -0600
Subject: [PATCH 6/6] fix: tflint issues
---
 main.tf | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/main.tf b/main.tf
index 4625735..6b5b46c 100644
--- a/main.tf
+++ b/main.tf
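Review bot: Setting `inline_policy_enabled = true` in the only fixture means the example test now exercises just the inline path, while the managed-policy path, which remains the module default (`default = false` in both variable declarations), is no longer covered by the example at all. A second fixture, or a second `module "role"` instance in examples/complete/main.tf with the flag left at its default, would keep both branches of the `count` toggles under test. The `inline_policy_enabled` block copied into examples/complete/variables.tf is fine as is, but its description should be kept in step with the module's if that one is reworded.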
@@ -48,9 +48,9 @@ resource "aws_iam_role_policy" "default" {
 count = module.this.enabled && var.policy_document_count > 0 && var.inline_policy_enabled ? 1 : 0
 
 name = var.policy_name != "" && var.policy_name != null ? var.policy_name : module.this.id
- role = join("", aws_iam_role.default.*.name)
+ role = join("", aws_iam_role.default[*].name)
 
- policy = join("", data.aws_iam_policy_document.default.*.json)
+ policy = join("", data.aws_iam_policy_document.default[*].json)
 }
 
 data "aws_iam_policy_document" "default" {
@@ -62,25 +62,25 @@ resource "aws_iam_policy" "default" {
 count = module.this.enabled && var.policy_document_count > 0 && !var.inline_policy_enabled ? 1 : 0
 name = var.policy_name != "" && var.policy_name != null ? var.policy_name : module.this.id
 description = var.policy_description
- policy = join("", data.aws_iam_policy_document.default.*.json)
+ policy = join("", data.aws_iam_policy_document.default[*].json)
 path = var.path
 tags = var.tags_enabled ? module.this.tags : null
 }
 
 resource "aws_iam_role_policy_attachment" "default" {
 count = module.this.enabled && var.policy_document_count > 0 && !var.inline_policy_enabled ? 1 : 0
- role = join("", aws_iam_role.default.*.name)
- policy_arn = join("", aws_iam_policy.default.*.arn)
+ role = join("", aws_iam_role.default[*].name)
+ policy_arn = join("", aws_iam_policy.default[*].arn)
 }
 
 resource "aws_iam_role_policy_attachment" "managed" {
 for_each = module.this.enabled ? var.managed_policy_arns : []
- role = join("", aws_iam_role.default.*.name)
+ role = join("", aws_iam_role.default[*].name)
 policy_arn = each.key
 }
 
 resource "aws_iam_instance_profile" "default" {
 count = module.this.enabled && var.instance_profile_enabled ? 1 : 0
 name = module.this.id
- role = join("", aws_iam_role.default.*.name)
+ role = join("", aws_iam_role.default[*].name)
 }