added custom policies attachment

Devoteam · Sep 11, 2024 · 7128d90 · 7128d90
1 parent 4db934d
commit 7128d90
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/tf-aws-lambda/main.tf b/tf-aws-lambda/main.tf
@@ -2,6 +2,7 @@
 locals {
   fully_qualified_name = "${module.name.id}-${var.function_name}"
   partition   = data.aws_partition.this[0].partition
+  custom_iam_policy_arns_map = length(var.custom_iam_policy_arns) > 0 ? { for i, arn in var.custom_iam_policy_arns : i => arn } : {}
 }
 
 module "name" {
@@ -43,6 +44,13 @@ resource "aws_iam_role_policy_attachment" "cloudwatch_logs" {
   role       = aws_iam_role.this.name
 }
 
+resource "aws_iam_role_policy_attachment" "custom" {
+  for_each = local.custom_iam_policy_arns_map
+
+  policy_arn = each.value
+  role       = aws_iam_role.this.name
+}
+
 resource "aws_lambda_function" "this" {
   function_name                  = local.fully_qualified_name
   handler                        = var.handler

diff --git a/tf-aws-lambda/variables.tf b/tf-aws-lambda/variables.tf
@@ -147,4 +147,10 @@ variable "lambda_environment" {
   })
   description = "Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present."
   default     = null
+}
+
+variable "custom_iam_policy_arns" {
+  type        = set(string)
+  description = "ARNs of custom policies to be attached to the lambda role"
+  default     = []
 }