Merge pull request #57 from yuriy-kirb/feature/additional-trusted-pri…

…ncipal Adding ability to add additional principal to trusted policy
aws-ia · Jun 20, 2024 · 5e2702b · 5e2702b
2 parents 9af80d7 + 5c336aa
commit 5e2702b
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -129,6 +129,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_additional_principal_arns"></a> [additional\_principal\_arns](#input\_additional\_principal\_arns) | List of additional AWS principal ARNs | `list(string)` | `[]` | no |
 | <a name="input_airflow_configuration_options"></a> [airflow\_configuration\_options](#input\_airflow\_configuration\_options) | (Optional) The airflow\_configuration\_options parameter specifies airflow override options. | `any` | `null` | no |
 | <a name="input_airflow_version"></a> [airflow\_version](#input\_airflow\_version) | (Optional) Airflow version of your environment, will be set by default to the latest version that MWAA supports. | `string` | `null` | no |
 | <a name="input_create_iam_role"></a> [create\_iam\_role](#input\_create\_iam\_role) | Create IAM role for MWAA | `bool` | `true` | no |

diff --git a/data.tf b/data.tf
@@ -38,6 +38,13 @@ data "aws_iam_policy_document" "mwaa_assume" {
       type        = "Service"
       identifiers = ["s3.amazonaws.com"]
     }
+    dynamic "principals" {
+      for_each = var.additional_principal_arns
+      content {
+        type        = "AWS"
+        identifiers = [principals.value]
+      }
+    }
   }
 }
 #tfsec:ignore:AWS099

diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -34,7 +34,7 @@ resource "aws_s3_bucket_ownership_controls" "this" {
 
 resource "aws_s3_bucket_acl" "this" {
   depends_on = [aws_s3_bucket_ownership_controls.this]
-  bucket = aws_s3_bucket.this.id
+  bucket     = aws_s3_bucket.this.id
   rule {
     object_ownership = "BucketOwnerPreferred"
   }

diff --git a/test/mwaa_test.go b/test/mwaa_test.go
@@ -18,4 +18,4 @@ func TestExamplesBasic(t *testing.T) {
 
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
-}
+}
diff --git a/variables.tf b/variables.tf
@@ -157,6 +157,12 @@ variable "iam_role_name" {
   default     = null
 }
 
+variable "additional_principal_arns" {
+  description = "List of additional AWS principal ARNs"
+  type        = list(string)
+  default     = []
+}
+
 variable "iam_role_permissions_boundary" {
   description = "IAM role Permission boundary"
   type        = string