thenom
commented
6 years ago In our infrastructure we have separate roles, one for the IAM control and one for BAU access which is the one we use for terraform deploys. This is why i cannot test the IAM enabled process but with it set to false my consul cluster fully deploys without issues when i provide the role i created using the IAM role.
Please review my PR that allows the IAM role and policy creation to be disabled. This allows the role to be created externally and the ARN of the role to be supplied via tf variable.
This helps in situations where end users roles might not have the right to modify IAM but have the rights to deploy standard compute resources.
ref: https://github.com/hashicorp/terraform-aws-consul/issues/42
I am afraid i am not very good with go so have not updated the tests but i am not in a situation currently where i can test with IAM enabled anyway so if someone could please confirm that all is good with this and merge it in, if not then please let me know.