feat: Add permissions_boundary to fargate execution iam role

ryanoolala · ryanoolala · commit 8f11c52bbaad · 2020-11-19T14:55:12.000+08:00
diff --git a/fargate.tf b/fargate.tf
@@ -5,6 +5,7 @@ module "fargate" {
   create_fargate_pod_execution_role = var.create_fargate_pod_execution_role
   fargate_pod_execution_role_name   = var.fargate_pod_execution_role_name
   fargate_profiles                  = var.fargate_profiles
+  permissions_boundary              = var.permissions_boundary
   iam_path                          = var.iam_path
   iam_policy_arn_prefix             = local.policy_arn_prefix
   subnets                           = var.subnets
diff --git a/modules/fargate/fargate.tf b/modules/fargate/fargate.tf
@@ -1,9 +1,10 @@
 resource "aws_iam_role" "eks_fargate_pod" {
-  count              = local.create_eks && var.create_fargate_pod_execution_role ? 1 : 0
-  name_prefix        = format("%s-fargate", var.cluster_name)
-  assume_role_policy = data.aws_iam_policy_document.eks_fargate_pod_assume_role[0].json
-  tags               = var.tags
-  path               = var.iam_path
+  count                 = local.create_eks && var.create_fargate_pod_execution_role ? 1 : 0
+  name_prefix           = format("%s-fargate", var.cluster_name)
+  assume_role_policy    = data.aws_iam_policy_document.eks_fargate_pod_assume_role[0].json
+  permissions_boundary  = var.permissions_boundary
+  tags                  = var.tags
+  path                  = var.iam_path
 }
 
 resource "aws_iam_role_policy_attachment" "eks_fargate_pod" {
