terraform-modules · badra001 · Jun 17, 2021 · Jun 17, 2021
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,3 +13,6 @@
 
 * v1.0.3 -- 20210402
   - add export of ldap_dn
+
+* v1.1.0 -- 20210617
+  - add inline_policies
diff --git a/README.md b/README.md
@@ -68,7 +68,20 @@ module "myrole2" {
   role_name                  = "my-role2"
   attached_policies          = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]
 }
-```
+Creating a non-SAML role with inline policies
+```hcl
+module "myrole3" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+
+  role\_name                  = "my-role3"
+  attached\_policies          = [ data.aws\_iam\_policy.aws-managed-readonlyaccess.arn ]
+  inline\_policies            = [
+    {
+      name = "my-policy-1"
+      policy = data.aws\_iam\_policy\_documennt.my-policy-1.json
+    }
+  ]
+}
 
 ## Requirements
 
@@ -113,6 +126,7 @@ No modules.
 | <a name="input_attached_policies"></a> [attached\_policies](#input\_attached\_policies) | List of IAM Policy ARNs to attach to this role | `list(string)` | `[]` | no |
 | <a name="input_component_tags"></a> [component\_tags](#input\_component\_tags) | Additional tags for Components (role, policy) | `map(map(string))` | <pre>{<br>  "policy": {},<br>  "role": {}<br>}</pre> | no |
 | <a name="input_enable_ldap_creation"></a> [enable\_ldap\_creation](#input\_enable\_ldap\_creation) | Flag to enable/disable LDAP object creation for role group (for SAML only). Also requires LDAP credentials. | `bool` | `false` | no |
+| <a name="input_inline_policies"></a> [inline\_policies](#input\_inline\_policies) | List of IAM Policy Document objects to include in this role. Format is {name=name,policy=policy-json} | `list(object({ name = string, policy = string }))` | `[]` | no |
 | <a name="input_ldap_host"></a> [ldap\_host](#input\_ldap\_host) | LDAP Hostname (default is for eBOCAS) | `string` | `"ldap.e.tco.census.gov"` | no |
 | <a name="input_ldap_password"></a> [ldap\_password](#input\_ldap\_password) | LDAP password for ldap\_user for writing data into eDirectory or Active Directory | `string` | `""` | no |
 | <a name="input_ldap_port"></a> [ldap\_port](#input\_ldap\_port) | LDAP port (default is 389 but also using STARTTLS) | `number` | `389` | no |

diff --git a/main.tf b/main.tf
@@ -69,6 +69,20 @@
 *   role_name                  = "my-role2"
 *   attached_policies          = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]
 * }
+* Creating a non-SAML role with inline policies
+* ```hcl
+* module "myrole3" {
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+* 
+*   role_name                  = "my-role3"
+*   attached_policies          = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]
+*   inline_policies            = [
+*     {
+*       name = "my-policy-1"
+*       policy = data.aws_iam_policy_documennt.my-policy-1.json
+*     }
+*   ]
+* }
 * ```
 */
 
@@ -112,6 +126,15 @@ resource "aws_iam_role" "role" {
   #  assume_role_policy    = data.terraform_remote_state.common.outputs.inf_saml_assume_policy_document
   assume_role_policy = var.assume_policy_document
 
+  dynamic "inline_policy" {
+    for_each = var.inline_policies
+    iterator = p
+    content {
+      name   = p.name
+      policy = p.policy
+    }
+  }
+
   tags = merge(
     var.tags,
     local.base_tags,

diff --git a/variables.tf b/variables.tf
@@ -33,6 +33,12 @@ variable "attached_policies" {
   default     = []
 }
 
+variable "inline_policies" {
+  description = "List of IAM Policy Document objects to include in this role. Format is {name=name,policy=policy-json}"
+  type        = list(object({ name = string, policy = string }))
+  default     = []
+}
+
 #---
 # ldap 
 #---

diff --git a/version.tf b/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.0.3"
+  _module_version = "1.1.0"
 }