locals {
  # Effective per-role settings: each entry of var.iam_roles layered on top of
  # var.default_iam_role. merge() is shallow and the later argument wins, so an
  # attribute set on a role (policy, assume_role_policy, permissions_boundary)
  # replaces the default value wholesale instead of being combined with it.
  # NOTE(review): if var.iam_roles is declared with optional() attributes, the
  # unset ones arrive as null and would still override the default here,
  # permissions_boundary included -- confirm against the variable declaration.
  iam_roles = {
    for role_name, overrides in var.iam_roles :
    role_name => merge(var.default_iam_role, overrides)
  }
}
# One IAM role per entry of local.iam_roles; the map key is used as the role name.
resource "aws_iam_role" "self" {
  for_each = local.iam_roles

  name = each.key

  # A null value here leaves the role without a permissions boundary. Whether a
  # boundary is always present depends on var.default_iam_role and on the
  # per-role overrides merged into local.iam_roles.
  permissions_boundary = each.value.permissions_boundary

  # Trust policy, JSON-encoded exactly as supplied by the caller. It decides
  # which principals may assume the role and is not validated in this block.
  assume_role_policy = jsonencode(each.value.assume_role_policy)
}
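# Inline policy for every role whose merged configuration carries a non-empty
# policy; roles with an empty policy get no aws_iam_role_policy at all.
# The inline policy is named after the role it is attached to.
resource "aws_iam_role_policy" "self" {
  # NOTE(review): length() fails on a null policy; this assumes
  # var.default_iam_role always supplies one -- confirm.
  for_each = {
    for role, role_config in local.iam_roles :
    role => role_config
    if length(role_config.policy) > 0
  }

  name = each.key

  # Refer to the role resource instead of repeating each.key: the value is the
  # same (the role's name is each.key), but Terraform now derives the ordering
  # from the reference, so the blanket depends_on on every role is not needed.
  role = aws_iam_role.self[each.key].name

  # Permissions document, JSON-encoded exactly as supplied by the caller.
  policy = jsonencode(each.value.policy)
}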