enable use of existing group

hyprnz · Jun 2, 2020 · 01a1973 · 01a1973
1 parent 71d02bf
commit 01a1973
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 2 deletions.
diff --git a/policy-to-group/README.md b/policy-to-group/README.md
@@ -6,6 +6,7 @@ This module ill create a IAM policy and group and bind the policy to the group.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| create\_group | Whether to create the IAM group or not | bool | true | yes |
 | group\_name | The name of the group to bind the policy to | string | n/a | yes |
 | policy\_actions | A List of policy actions | list | n/a | yes |
 | policy\_name | The name of the policy to create | string | n/a | yes |

diff --git a/policy-to-group/main.tf b/policy-to-group/main.tf
@@ -16,11 +16,13 @@ resource "aws_iam_policy" "this" {
 }
 
 resource "aws_iam_group" "this" {
-  name = var.group_name
+  count = var.create_group ? 1 : 0
+  name  = var.group_name
 }
 
 resource "aws_iam_group_policy_attachment" "this" {
-  group      = aws_iam_group.this.name
+  # group      = aws_iam_group.this.name
+  group      = var.group_name
   policy_arn = aws_iam_policy.this.arn
 }
 
diff --git a/policy-to-group/vars.tf b/policy-to-group/vars.tf
@@ -17,6 +17,12 @@ variable "policy_resources" {
   default     = ["*"]
 }
 
+variable "create_group" {
+  description = "Whether to create the IAM group or not"
+  type        = bool
+  default     = true
+}
+
 variable "group_name" {
   description = "The name of the group to bind the policy to"
 }