diff --git a/CHANGELOG.md b/CHANGELOG.md index 65bdbc9..9eff466 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,3 +13,6 @@ * v1.0.3 -- 20210402 - add export of ldap_dn + +* v1.1.0 -- 20210617 + - add inline_policies diff --git a/README.md b/README.md index 32aac9c..d643bdb 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,20 @@ module "myrole2" { role_name = "my-role2" attached_policies = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ] } -``` +Creating a non-SAML role with inline policies +```hcl +module "myrole3" { + source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git" + + role\_name = "my-role3" + attached\_policies = [ data.aws\_iam\_policy.aws-managed-readonlyaccess.arn ] + inline\_policies = [ + { + name = "my-policy-1" + policy = data.aws\_iam\_policy\_documennt.my-policy-1.json + } + ] +} ## Requirements @@ -113,6 +126,7 @@ No modules. | [attached\_policies](#input\_attached\_policies) | List of IAM Policy ARNs to attach to this role | `list(string)` | `[]` | no | | [component\_tags](#input\_component\_tags) | Additional tags for Components (role, policy) | `map(map(string))` |
{
"policy": {},
"role": {}
} | no |
| [enable\_ldap\_creation](#input\_enable\_ldap\_creation) | Flag to enable/disable LDAP object creation for role group (for SAML only). Also requires LDAP credentials. | `bool` | `false` | no |
+| [inline\_policies](#input\_inline\_policies) | List of IAM Policy Document objects to include in this role. Format is {name=name,policy=policy-json} | `list(object({ name = string, policy = string }))` | `[]` | no |
| [ldap\_host](#input\_ldap\_host) | LDAP Hostname (default is for eBOCAS) | `string` | `"ldap.e.tco.census.gov"` | no |
| [ldap\_password](#input\_ldap\_password) | LDAP password for ldap\_user for writing data into eDirectory or Active Directory | `string` | `""` | no |
| [ldap\_port](#input\_ldap\_port) | LDAP port (default is 389 but also using STARTTLS) | `number` | `389` | no |
diff --git a/main.tf b/main.tf
index 93d461a..d3ca7dc 100644
--- a/main.tf
+++ b/main.tf
@@ -69,6 +69,20 @@
* role_name = "my-role2"
* attached_policies = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]
* }
+* Creating a non-SAML role with inline policies
+* ```hcl
+* module "myrole3" {
+* source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+*
+* role_name = "my-role3"
+* attached_policies = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]
+* inline_policies = [
+* {
+* name = "my-policy-1"
+* policy = data.aws_iam_policy_documennt.my-policy-1.json
+* }
+* ]
+* }
* ```
*/
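Review bot: The data source in the new example at `policy = data.aws_iam_policy_documennt.my-policy-1.json` is misspelled; it should read `policy = data.aws_iam_policy_document.my-policy-1.json`, and the same typo is in the README hunk of this commit. The new heading line `* Creating a non-SAML role with inline policies` is inserted directly after the `* }` that ends the myrole2 example, with no closing fence line in between, so if this header comment is rendered as markdown (e.g. by a docs generator) the myrole2 block never closes and the new hcl opener is swallowed as content. Adding a `* ` line holding three backticks before the heading, in both this comment and the README, fixes that.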
@@ -112,6 +126,15 @@ resource "aws_iam_role" "role" {
# assume_role_policy = data.terraform_remote_state.common.outputs.inf_saml_assume_policy_document
assume_role_policy = var.assume_policy_document
+ dynamic "inline_policy" {
+ for_each = var.inline_policies
+ iterator = p
+ content {
+ name = p.name
+ policy = p.policy
+ }
+ }
+
tags = merge(
var.tags,
local.base_tags,
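Review bot: The iterator attributes used at `name = p.name` and `policy = p.policy` do not exist; inside a `dynamic` block the iterator object exposes only `key` and `value`, so this will fail with an unsupported-attribute error as soon as `inline_policies` is non-empty. The two content lines should read `name   = p.value.name` and `policy = p.value.policy`. Separately, when the list is empty the dynamic block emits no `inline_policy` argument at all, which as I read the AWS provider's documented behaviour means inline policies added to the role outside Terraform are neither reported nor removed; a short comment on the block stating whether that drift is intended would help the next maintainer.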
diff --git a/variables.tf b/variables.tf
index cf8c8bd..5cca66a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -33,6 +33,12 @@ variable "attached_policies" {
default = []
}
+variable "inline_policies" {
+ description = "List of IAM Policy Document objects to include in this role. Format is {name=name,policy=policy-json}"
+ type = list(object({ name = string, policy = string }))
+ default = []
+}
+
#---
# ldap
#---
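Review bot: `inline_policies` accepts any string for `policy`, so a malformed or empty document is only rejected by IAM at apply time, after the role may already have been created; a `validation` block on the variable would surface it at plan time instead. Duplicate `name` values would likewise be rejected by AWS rather than at plan, so the same block can check that names are distinct. Both checks depend on `validation` and `alltrue` being available, which needs Terraform 0.13 or later; the module's `required_version` is not shown in this diff, so confirm before adding.
```hcl
variable "inline_policies" {
  # … unchanged: description, type, default …

  validation {
    condition     = alltrue([for p in var.inline_policies : can(jsondecode(p.policy))])
    error_message = "Each inline_policies entry must carry a policy that is a valid JSON document."
  }

  validation {
    condition     = length(distinct(var.inline_policies[*].name)) == length(var.inline_policies)
    error_message = "Inline policy names must be unique within the role."
  }
}
```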
diff --git a/version.tf b/version.tf
index 1dfb710..9c489cd 100644
--- a/version.tf
+++ b/version.tf
@@ -1,3 +1,3 @@
locals {
- _module_version = "1.0.3"
+ _module_version = "1.1.0"
}