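# Effective configuration per role: each entry of var.iam_roles layered over
# var.default_iam_role. merge() is shallow, so any key a role sets
# (assume_role_policy, permissions_boundary, policy) replaces the default for
# that key as a whole; it is not combined with it. A role that sets its own
# permissions_boundary therefore overrides the default boundary.
locals {
  iam_roles = {
    for name, role in var.iam_roles :
    name => merge(var.default_iam_role, role)
  }
}

# One IAM role per entry of local.iam_roles; the map key is used as the role name.
resource "aws_iam_role" "self" {
  for_each = local.iam_roles

  name = each.key

  # Trust policy: decides which principals may assume the role. It is passed
  # through from the variables unchanged, so nothing in this module constrains
  # the Principal or Condition elements.
  # NOTE(review): assumes the value is an HCL object, not an already-encoded
  # JSON string (which jsonencode would encode a second time) - confirm
  # against the variable definition.
  assume_role_policy = jsonencode(each.value.assume_role_policy)

  # A null value leaves the role without a permissions boundary; whether a
  # boundary is always present depends on var.default_iam_role, which is not
  # visible here.
  permissions_boundary = each.value.permissions_boundary
}

# Inline policy for each role whose merged configuration has a non-empty
# `policy`; roles with an empty policy get no inline policy resource.
resource "aws_iam_role_policy" "self" {
  # length() raises an error on null, so `policy` is assumed to always be a
  # collection (or string) after the merge - confirm against the variable
  # definitions.
  for_each = {
    for role, role_config in local.iam_roles :
    role => role_config
    if length(role_config.policy) > 0
  }

  name = each.key

  # Referencing the role resource (instead of repeating each.key and adding
  # depends_on) gives Terraform the ordering implicitly and ties each policy
  # to the exact role instance it is attached to. The keys here are a subset
  # of local.iam_roles, so the indexed role always exists.
  role   = aws_iam_role.self[each.key].name
  policy = jsonencode(each.value.policy)
}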