fix: Add context tags to the IAM resources (#45)

* fix: Add context tags to the IAM resources Prior to this, the `aws_iam_role` and the `aws_iam_policy` created by this module did not include any of the tags passed via `tags` or via `context`. This fixes that problem by specifying `tags = module.this.tags` on each of those resources so that they use the tags specified determined by the null/label context. * chore: update module boilerplate and docs ``` make init make github/init make readme ```
cloudposse · Oct 11, 2023 · 127b10b · 127b10b
1 parent 0d85859
commit 127b10b
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 9 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -1,13 +1,14 @@
 {
   "extends": [
     "config:base",
-    ":preserveSemverRanges"
+    ":preserveSemverRanges",
+    ":rebaseStalePrs"
   ],
-  "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"],
+  "baseBranches": ["main"],
   "labels": ["auto-update"],
   "dependencyDashboardAutoclose": true,
   "enabledManagers": ["terraform"],
   "terraform": {
-    "ignorePaths": ["**/context.tf", "examples/**"]
+    "ignorePaths": ["**/context.tf"]
   }
 }
diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
@@ -10,6 +10,7 @@ on:
       - 'docs/**'
       - 'examples/**'
       - 'test/**'
+      - 'README.*'
 
 permissions:
   contents: write

diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml
@@ -11,4 +11,4 @@ permissions:
 
 jobs:
   terraform-module:
-    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main
+    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@main
diff --git a/README.md b/README.md
@@ -90,10 +90,6 @@ We highly recommend that in your code you pin the version to the exact version y
 using so that your infrastructure remains stable, and update versions in a
 systematic way so that they do not catch you by surprise.
 
-Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)),
-the registry shows many of our inputs as required when in fact they are optional.
-The table below correctly indicates which inputs are required.
-
 
 For a complete example, see [examples/complete](examples/complete).
 For automated tests of the complete example using [bats](https://github.com/bats-core/bats-core) and [Terratest](https://github.com/gruntwork-io/terratest)

diff --git a/iam-role.tf b/iam-role.tf
@@ -2,8 +2,10 @@ resource "aws_iam_role" "this" {
   count = local.enabled ? 1 : 0
 
   name                 = "${var.function_name}-${local.region_name}"
-  assume_role_policy   = join("", data.aws_iam_policy_document.assume_role_policy.*.json)
+  assume_role_policy   = join("", data.aws_iam_policy_document.assume_role_policy[*].json)
   permissions_boundary = var.permissions_boundary
+
+  tags = module.this.tags
 }
 
 data "aws_iam_policy_document" "assume_role_policy" {
@@ -68,6 +70,8 @@ resource "aws_iam_policy" "ssm" {
   name        = "${var.function_name}-ssm-policy-${local.region_name}"
   description = var.iam_policy_description
   policy      = data.aws_iam_policy_document.ssm[count.index].json
+
+  tags = module.this.tags
 }
 
 resource "aws_iam_role_policy_attachment" "ssm" {