added lambda inline policies, removed custom arn policies
Pavel Bakhmetev committed Sep 16, 2024
1 parent 614e1c3 commit 9de8a9f
Showing 2 changed files with 8 additions and 9 deletions.
9 changes: 4 additions & 5 deletions tf-aws-lambda/main.tf
Expand Up @@ -6,7 +6,6 @@ terraform {
locals {
fully_qualified_name = "${module.name.id}-${var.function_name}"
partition = data.aws_partition.this[0].partition
custom_iam_policy_arns_map = length(var.custom_iam_policy_arns) > 0 ? { for i, arn in var.custom_iam_policy_arns : i => arn } : {}
}

module "name" {
Expand Down Expand Up @@ -48,11 +47,11 @@ resource "aws_iam_role_policy_attachment" "cloudwatch_logs" {
role = aws_iam_role.this.name
}

resource "aws_iam_role_policy_attachment" "custom" {
for_each = local.custom_iam_policy_arns_map
resource "aws_iam_role_policy" "inline" {
count = var.inline_iam_policy != null ? 1 : 0

policy_arn = each.value
role = aws_iam_role.this.name
role = aws_iam_role.this.name
policy = var.inline_iam_policy
}

resource "aws_lambda_function" "this" {
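Review bot: The guard `count = var.inline_iam_policy != null ? 1 : 0` on `aws_iam_role_policy.inline` may fail at plan time when a caller passes a document that is not known until apply (for example one built from ARNs of resources created in the same run), because `count` has to be known during planning; a separate boolean input driving `count` would avoid that. The resource also sets no `name`, so the provider generates one; a stable value such as `name = "${local.fully_qualified_name}-inline"` makes the policy easier to identify in IAM reviews. Since this replaces `aws_iam_role_policy_attachment.custom`, roles managed by existing callers lose their managed-policy attachments on upgrade, and a comment above the resource such as `# Policy document is attached verbatim; callers must scope actions and resources to what the function needs` would record where responsibility for least privilege now sits.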
8 changes: 4 additions & 4 deletions tf-aws-lambda/variables.tf
Expand Up @@ -155,8 +155,8 @@ variable "lambda_environment" {
description = "Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present."
}

variable "custom_iam_policy_arns" {
type = set(string)
default = []
description = "ARNs of custom policies to be attached to the lambda role"
variable "inline_iam_policy" {
type = string
description = "Inline policy document (JSON) to attach to the lambda role"
default = null
}
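Review bot: `inline_iam_policy` accepts any string and is handed to the role unchanged, so a malformed or empty document only surfaces as an API error at apply time; a `validation` block that accepts null or a string that decodes as JSON would catch it at plan. The description could also state that the document is attached verbatim and should name specific actions and resources rather than wildcards. Removing `custom_iam_policy_arns` without a deprecation step breaks callers that still set it, which is worth noting in the module's changelog.
```hcl
variable "inline_iam_policy" {
  # … unchanged: type, description, default …

  validation {
    condition     = var.inline_iam_policy == null || can(jsondecode(var.inline_iam_policy))
    error_message = "inline_iam_policy must be null or a valid JSON policy document."
  }
}
```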
