terraform-aws-modules / terraform-aws-iam

Terraform module to create AWS IAM resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/iam/aws
Apache License 2.0
788 stars 1k forks

Allow empty values for external secrets kms keys, secrets, ssm parameters #511

Closed akumar-99 closed 1 month ago

akumar-99 commented 2 months ago

Is your request related to a new offering from AWS?

No

Is your request related to a problem? Please describe.

Yes, I am using terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks - 5.41.0 with attach_external_secrets_policy = true. We can control access using external_secrets_kms_key_arns, external_secrets_secrets_manager_arns and external_secrets_ssm_parameter_arns, and they have default values set. I do not want to allow access to SSM parameters, but it neither supports [] nor ["]. Can we have a feature for it?

Describe the solution you'd like.

Allow external_secrets_ssm_parameter_arns to take value as []. If [], then do not add policy statement for SSM parameters access.

Describe alternatives you've considered.

Tried playing with the values.

Additional context
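
Added example (not part of the original issue and not the module's own code): one way a Terraform policy document can omit a statement when its ARN list is empty, which is the behaviour requested above. The variable names, `sid` values and policy name are hypothetical.

```hcl
# Hypothetical variable names; an empty list means "grant no access of this kind".
variable "ssm_parameter_arns" {
  description = "SSM parameter ARNs External Secrets may read. [] omits the statement."
  type        = list(string)
  default     = []
}

variable "secrets_manager_arns" {
  description = "Secrets Manager ARNs External Secrets may read. [] omits the statement."
  type        = list(string)
  default     = []
}

data "aws_iam_policy_document" "external_secrets" {
  # for_each over a zero- or one-element list: the statement is rendered
  # only when at least one ARN is supplied.
  dynamic "statement" {
    for_each = length(var.ssm_parameter_arns) > 0 ? [1] : []
    content {
      sid       = "ReadSSMParameters"
      actions   = ["ssm:GetParameter", "ssm:GetParameters"]
      resources = var.ssm_parameter_arns
    }
  }

  dynamic "statement" {
    for_each = length(var.secrets_manager_arns) > 0 ? [1] : []
    content {
      sid       = "ReadSecrets"
      actions   = ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"]
      resources = var.secrets_manager_arns
    }
  }
}

locals {
  # A policy with no statements is not valid, so skip creating it entirely.
  any_access = length(var.ssm_parameter_arns) + length(var.secrets_manager_arns) > 0
}

resource "aws_iam_policy" "external_secrets" {
  count  = local.any_access ? 1 : 0
  name   = "external-secrets-example" # constructed name
  policy = data.aws_iam_policy_document.external_secrets.json
}
```

With `ssm_parameter_arns = []` the rendered policy contains no SSM statement, so the role gets no SSM read permission from this configuration.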

github-actions[bot] commented 1 month ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] commented 1 month ago

This issue was automatically closed because of stale in 10 days

github-actions[bot] commented 2 weeks ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.