From e31beb8ee8cc88b33c10afbdd062d6cf0b161556 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 21 Jan 2022 12:22:56 -0500
Subject: [PATCH] remove role module
---
 README.md | 6 +++---
 role.tf | 37 +++++++++++++++++++++++++++++--------
 2 files changed, 32 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 3cff5f0..dca4c1e 100644
--- a/README.md
+++ b/README.md
@@ -13,15 +13,15 @@ ## Modules
-| Name | Source | Version |
-|------|--------|---------|
-| [role](#module\_role) | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | n/a |
+No modules.
 ## Resources
 | Name | Type |
 |------|------|
 | [aws_dynamodb_table.table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
+| [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy.lambda_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
diff --git a/role.tf b/role.tf
index b2a4a8f..1dfec49 100644
--- a/role.tf
+++ b/role.tf
@@ -3,17 +3,38 @@ locals {
 lambda_policies = ["AWSLambdaBasicExecutionRole"]
 }
-module "role" {
- source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+resource "aws_iam_role" "role" {
+ count = var.create ? 1 : 0
+ description = "Lambda role for Dynamic Route53"
+ name = format("%v%v", local.lambda_name)
+ force_detach_policies = local._defaults["force_detach_policies"]
+ max_session_duration = var.max_session_duration
+ assume_role_policy = data.aws_iam_policy_document.lambda_assume.json
- role_description = "Lambda role for Dynamic Route53"
- role_name = local.lambda_name
- enable_ldap_creation = false
- assume_policy_document = data.aws_iam_policy_document.lambda_assume.json
- attached_policies = [for k, v in data.aws_iam_policy.lambda_policies : k.arn]
- inline_policies = [{ name = var.name, policy = data.aws_iam_policy_document.lambda_policy.json }]
+ inline_policy = {
+ name = var.name
+ policy = data.aws_iam_policy_document.lambda_policy.json
+ }
+
+ lifecycle {
+ ignore_changes = [tags["boc:tf_module_version"]]
+ }
+
+ tags = merge(
+ local.base_tags,
+ var.tags,
+ lookup(var.component_tags, "role", {}),
+ tomap({ Name = local.lambda_name })
+ )
 }
+resource "aws_iam_role_policy_attachment" "role" {
+ for_each = var.create ? toset([for k, v in data.aws_iam_policy.lambda_policies : k.arn]) : toset([])
+ role = var.create ? aws_iam_role.role[0].name : ""
+ policy_arn = each.value
+}
+
+
 data "aws_iam_policy" "lambda_policies" {
 for_each = toset(local.lambda_policies)
 name = each.key
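Review bot: Three lines on the new side look like they will fail at `terraform validate` or `plan`, so the Lambda role and its policy attachments may not be created as written. In `aws_iam_role.role`, `format("%v%v", local.lambda_name)` has two verbs but only one argument; `name = local.lambda_name` matches what the removed module call passed as `role_name`. In `aws_iam_role_policy_attachment.role`, `k` is the string key of the `for_each` data source, so `k.arn` should be `v.arn` (the same expression was carried over from the removed `attached_policies` line). `inline_policy` is documented as a nested block on `aws_iam_role`, so `inline_policy {` rather than `inline_policy = {` is presumably what the provider expects. It is also worth confirming that the removed module did not apply a permissions boundary or role path that this bare resource now omits; that cannot be checked from this hunk.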