-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat:add new support for permission boundry #19
base: master
Are you sure you want to change the base?
feat:add new support for permission boundry #19
Conversation
fixes #18 |
@dojci Could you please have a look at this? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added some comments and when these are resolved we can merge this.
count = local.irsa_role_create ? 1 : 0 | ||
name = "${var.irsa_role_name_prefix}-${var.helm_chart_name}" # tflint-ignore: aws_iam_role_invalid_name | ||
assume_role_policy = data.aws_iam_policy_document.this_irsa[0].json | ||
permissions_boundary = var.irsa_permissions_boundary |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
when permission boundary is empty tflint is failing. It needs to be ignore with the comment:
# tflint-ignore: aws_iam_role_invalid_permissions_boundary
@@ -129,6 +129,12 @@ variable "irsa_tags" { | |||
description = "IRSA resources tags" | |||
} | |||
|
|||
variable "irsa_permissions_boundary" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
when adding new variables make sure to run terraform-docs so README.md is adjusted along with the Terraform changes.
terraform-docs markdown table --output-file README.md --output-mode inject .
Description
This change adds a an option to add a permission boundary policy when creating the irsa rule
Type of change
fix
)feat
)refactor
)test
)style
)ci
)docs
)How Has This Been Tested?