From 01a1973d0f15afb0210a89e6f2ade63dd3b2eeb5 Mon Sep 17 00:00:00 2001
From: Peter Sellars
Date: Tue, 2 Jun 2020 13:14:08 +1200
Subject: [PATCH] enable use of existing group

---
 policy-to-group/README.md | 1 +
 policy-to-group/main.tf | 6 ++++--
 policy-to-group/vars.tf | 6 ++++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/policy-to-group/README.md b/policy-to-group/README.md
index 5227afa..4df4db2 100644
--- a/policy-to-group/README.md
+++ b/policy-to-group/README.md
@@ -6,6 +6,7 @@ This module ill create a IAM policy and group and bind the policy to the group.
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| create\_group | Whether to create the IAM group or not | bool | true | yes |
 | group\_name | The name of the group to bind the policy to | string | n/a | yes |
 | policy\_actions | A List of policy actions | list | n/a | yes |
 | policy\_name | The name of the policy to create | string | n/a | yes |
diff --git a/policy-to-group/main.tf b/policy-to-group/main.tf
index 6180b49..2cfdfaf 100644
--- a/policy-to-group/main.tf
+++ b/policy-to-group/main.tf
@@ -16,11 +16,13 @@ resource "aws_iam_policy" "this" {
 }
 resource "aws_iam_group" "this" {
- name = var.group_name
+ count = var.create_group ? 1 : 0
+ name = var.group_name
 }
 resource "aws_iam_group_policy_attachment" "this" {
- group = aws_iam_group.this.name
+ # group = aws_iam_group.this.name
+ group = var.group_name
 policy_arn = aws_iam_policy.this.arn
 }
diff --git a/policy-to-group/vars.tf b/policy-to-group/vars.tf
index f4419e0..7fa451e 100644
--- a/policy-to-group/vars.tf
+++ b/policy-to-group/vars.tf
@@ -17,6 +17,12 @@ variable "policy_resources" {
 default = ["*"] } +variable "create_group" { description = "Whether to create the IAM group or not" type = bool default = true } + variable "group_name" { description = "The name of the group to bind the policy to" }
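Review bot: In main.tf the attachment `aws_iam_group_policy_attachment.this` now sets `group = var.group_name`, so Terraform no longer sees a dependency on `aws_iam_group.this`; on a fresh apply with create_group = true the attachment may be created before the group exists and fail. Keep the implicit ordering by referencing the resource whenever the module creates it, e.g. `group = var.create_group ? aws_iam_group.this[0].name : var.group_name`, and drop the stale `# group = aws_iam_group.this.name` line, which is dead code and would no longer be a valid reference now that the resource carries `count`. When create_group is false the policy is attached to whatever pre-existing group matches the name, so the module grants the policy to a group it does not manage; the variable description or README should say the existing group must already exist and that its members will receive the policy. The closing brace of `aws_iam_policy.this` at the top of the hunk belongs to a resource that starts outside it.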
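Review bot: The description of the new `create_group` variable in vars.tf does not say what the module does when it is false, which is the case the commit exists for: the attachment in main.tf then targets a group named by `group_name` that must already exist outside the module. Suggest `description = "Whether to create the IAM group. When false, an existing group named by group_name is used and must already exist."`. The README row added in the same commit marks create\_group as Required = yes even though this variable has `default = true`; the two should agree (either drop the default or document it as optional).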