terraform-aws-modules / terraform-aws-atlantis

Terraform module to deploy Atlantis on AWS Fargate 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/atlantis/aws
Apache License 2.0
520 stars 351 forks

feat: Add path option to IAM roles created under this module #311

Closed sf-walsh closed 2 years ago

sf-walsh commented 2 years ago

Description

Add a path variable to main.tf for the resource aws_iam_role.ecs_task_execution to allow creating this role under a path other than the default /

Motivation and Context

This resolves an issue for accounts that don't allow creation of roles under the default "/" path. Like permissions_boundary, the path is needed if governance rules only allow IAM role creation under /mycustomrole/path/

  + resource "aws_iam_role" "ecs_task_execution" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = [
                              + "ssm.amazonaws.com",
                              + "ecs-tasks.amazonaws.com",
                            ]
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "atlantis-ecs-ecs_task_execution"
      + name_prefix           = (known after apply)
      + path                  = "/delegatedadmin/developer/"
      + permissions_boundary  = "arn:aws:iam::<redacted>:policy/cloud/developer-boundary-policy"
      + tags                  = {
          + "Environment" = "dev"
          + "Name"        = "atlantis-ecs"
          + "Owner"       = "myself"
        }
      + tags_all              = {
          + "Environment" = "dev"
          + "Name"        = "atlantis-ecs"
          + "Owner"       = "myself"
        }
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

Breaking Changes

No

How Has This Been Tested?

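As an added example (not code from this PR or from the module itself), the following shows the end-to-end shape of what the change enables: the ECS task-execution role created under the governance-mandated path with the boundary attached, and the kind of IAM guardrail policy that rejects roles created under "/". The variable name `iam_role_path` is hypothetical (the PR's actual variable name is not shown on this page); the path `/delegatedadmin/developer/` and the boundary policy name are taken from the plan output above; the guardrail policy and the account-ID lookup are constructed for illustration.

```hcl
# Added example, not the terraform-aws-atlantis module's own code.
# Assumptions: variable name `iam_role_path` is hypothetical; path and boundary
# policy name come from the plan output in the PR; the guardrail policy is a
# constructed illustration of the governance rule the PR description mentions.

variable "iam_role_path" {
  description = "IAM path for roles created by this configuration; must begin and end with '/'"
  type        = string
  default     = "/delegatedadmin/developer/"

  # IAM rejects paths that do not start and end with a slash, so fail at plan time.
  validation {
    condition     = can(regex("^/(.*/)?$", var.iam_role_path))
    error_message = "iam_role_path must start and end with '/', e.g. \"/\" or \"/team/sub/\"."
  }
}

data "aws_caller_identity" "current" {}

locals {
  account_id               = data.aws_caller_identity.current.account_id
  permissions_boundary_arn = "arn:aws:iam::${local.account_id}:policy/cloud/developer-boundary-policy"
}

# Same trust policy as in the plan output: ECS tasks and SSM may assume the role.
data "aws_iam_policy_document" "ecs_task_execution_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com", "ssm.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ecs_task_execution" {
  name                 = "atlantis-ecs-ecs_task_execution"
  path                 = var.iam_role_path
  permissions_boundary = local.permissions_boundary_arn
  assume_role_policy   = data.aws_iam_policy_document.ecs_task_execution_assume.json
}

# The path is part of the role ARN:
#   arn:aws:iam::<account>:role/delegatedadmin/developer/atlantis-ecs-ecs_task_execution
# Anything that consumes the role (ECS task definitions, iam:PassRole policies)
# must use this full ARN, not "role/atlantis-ecs-ecs_task_execution".
output "ecs_task_execution_role_arn" {
  value = aws_iam_role.ecs_task_execution.arn
}

# Hypothetical guardrail a platform team attaches to developer principals.
# Roles may only be created/modified under the delegated path, and only when
# the approved permissions boundary is attached. A role under "/" does not
# match the Resource ARN pattern, so iam:CreateRole is denied.
data "aws_iam_policy_document" "developer_role_guardrail" {
  statement {
    sid = "CreateRolesOnlyUnderDelegatedPathWithBoundary"
    actions = [
      "iam:CreateRole",
      "iam:AttachRolePolicy",
      "iam:PutRolePolicy",
      "iam:PutRolePermissionsBoundary",
    ]
    resources = ["arn:aws:iam::${local.account_id}:role${var.iam_role_path}*"]

    condition {
      test     = "StringEquals"
      variable = "iam:PermissionsBoundary"
      values   = [local.permissions_boundary_arn]
    }
  }

  statement {
    sid = "ManageRolesOnlyUnderDelegatedPath"
    actions = [
      "iam:DeleteRole",
      "iam:DetachRolePolicy",
      "iam:DeleteRolePolicy",
      "iam:TagRole",
      "iam:UntagRole",
      "iam:GetRole",
      "iam:ListRolePolicies",
      "iam:ListAttachedRolePolicies",
    ]
    resources = ["arn:aws:iam::${local.account_id}:role${var.iam_role_path}*"]
  }
}

resource "aws_iam_policy" "developer_role_guardrail" {
  name   = "developer-role-guardrail"
  path   = "/cloud/"
  policy = data.aws_iam_policy_document.developer_role_guardrail.json
}
```

Two checks worth doing after adopting a non-default path: confirm that any `iam:PassRole` statements scoped to `role/<name>` are widened to `role<path><name>`, since the ARN now embeds the path, and confirm that the `aws_ecs_task_definition` references `aws_iam_role.ecs_task_execution.arn` rather than a hand-built ARN. Note also that `iam:PermissionsBoundary` is an IAM condition key, so the guardrail above rejects a role with a different or missing boundary even when the path is correct.
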
antonbabenko commented 2 years ago

@sf-walsh Please fix the failing GH Actions checks.

sf-walsh commented 2 years ago

@sf-walsh Please fix the failing GH Actions checks.

@antonbabenko Corrected and pushed with checks passing...

Terraform fmt............................................................Passed
Terraform docs...........................................................Passed

sf-walsh commented 2 years ago

@antonbabenko Not sure if you can direct me to what is wrong... I ran the pre-commit on all files, I ran terraform validate manually.

pre-commit run --all-files
Terraform fmt............................................................Passed
Terraform docs...........................................................Passed
$ terraform validate
Success! The configuration is valid.
antonbabenko commented 2 years ago

Thank you @sf-walsh !

antonbabenko commented 2 years ago

This PR is included in version 3.22.0 :tada:

github-actions[bot] commented 1 year ago

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.