diff --git a/README.md b/README.md
index 8f2a71e..fcdb730 100644
--- a/README.md
+++ b/README.md
@@ -63,6 +63,7 @@ No Modules.
| account\_id | AWS Account ID (default will pull from current user) | `string` | `""` | no |
| assume\_policy\_document | JSON policy document for role to assume (i.e., the SAML assume document) | `string` | `""` | no |
| attached\_policies | List of IAM Policy ARNs to attach to this role | `list(string)` | `[]` | no |
+| component\_tags | Additional tags for Components (role, policy) | `map(map(string))` |
{
"policy": {},
"role": {}
} | no |
| ec2\_assume\_policy\_document | JSON policy document for EC2 instance role (default is sts:AssumeRole for ec2 service) | `string` | `""` | no |
| ec2\_attached\_policies | List of IAM Policy ARNs to attach to this EC2 instance role | `list(string)` | `[]` | no |
| ec2\_role\_name | EC2 instace Role/application name without prefix | `string` | `""` | no |
diff --git a/main.tf b/main.tf
index 6fe5add..9961fb5 100644
--- a/main.tf
+++ b/main.tf
@@ -39,7 +39,7 @@ locals {
ec2_role_name = format("%v-ec2-%v", lookup(local._prefixes, "role", ""), local._ec2_role_name)
ec2_policy_name = format("%v-ec2-%v", lookup(local._prefixes, "policy", ""), local._ec2_role_name)
- ldap_exists = fileexists("${path.root}/setup/${aws_iam_role.role_app.name}.ldif")
+ ldap_exists = fileexists("${path.root}/setup/${aws_iam_role.role.name}.ldif")
bocappdata_auth = local.account_environment == "gov" ? "Cloud_AWSGovCloud_Auth" : "Cloud_AWS_Auth"
bocappdata_fullauth = format("gov.census.tco:%v=%v,%v", local.bocappdata_auth, aws_iam_role.role.arn, var.saml_provider_arn)
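Review bot: The `ldap_exists` line has no comment explaining that `fileexists()` is evaluated while the configuration is planned, not at apply time, so the `.ldif` must already be on disk under `setup/` and the role name must be known before the role is created. If the role's `name` were ever computed (for example through a name prefix), the result would be unknown at plan time, and anything gated on `ldap_exists` would presumably be skipped or fail; how the flag is consumed is not visible in this hunk. I would add `# fileexists() runs at plan time: setup/<role name>.ldif must exist before apply, otherwise ldap_exists is false` above the line. Consider building the path from the same local that feeds the role's `name` argument rather than from the resource attribute. The `locals` block starts and ends outside the hunk.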
diff --git a/variables.tf b/variables.tf
index 7f0c5c1..eb2d218 100644
--- a/variables.tf
+++ b/variables.tf
@@ -88,3 +88,10 @@ variable "ldap_port" {
type = number
default = 389
}
+
+variable "component_tags" {
+ description = "Additional tags for Components (role, policy)"
+ type = map(map(string))
+ default = { "role" = {}, "policy" = {} }
+}
+
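Review bot: `component_tags` accepts any outer key, so a caller who passes only `{ role = {...} }` or misspells a key gets either a missing-key error or silently dropped tags, depending on how the map is read (the consuming code is not in this diff). A `validation` block with `condition = length(setsubtract(keys(var.component_tags), ["role", "policy"])) == 0` would reject unknown keys, provided the module's minimum Terraform version supports variable validation. The consuming side should also use `lookup(var.component_tags, "role", {})` so a partial map still works. Tags on an IAM role are evaluated as principal tags wherever policies use tag-based conditions, so the description should say that these tags can affect authorization and should not be populated from untrusted input.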