
Commit c96051d

aperigaultAntony Perigault
and
Antony Perigault
authored
feat: Add option to override IAM objects names (#358)
* feat: Add IAM objects name override option * fix Co-authored-by: Antony Perigault <[email protected]>
1 parent 95b2abe commit c96051d


3 files changed

+10
-8
lines changed


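--- a/locals.tf
+++ b/locals.tf
@@ -15,6 +15,7 @@ locals {
 // custom names for instances and security groups
 name_runner_agent_instance = var.overrides["name_runner_agent_instance"] == "" ? local.tags["Name"] : var.overrides["name_runner_agent_instance"]
 name_sg = var.overrides["name_sg"] == "" ? local.tags["Name"] : var.overrides["name_sg"]
+name_iam_objects = var.overrides["name_iam_objects"] == "" ? local.tags["Name"] : var.overrides["name_iam_objects"]
 runners_additional_volumes = <<-EOT
 %{~for volume in var.runners_additional_volumes~},"${volume}"%{endfor~}
 EOT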
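Review bot: The new `name_iam_objects` local falls back to `local.tags["Name"]`, which is defined outside this hunk and, unlike the instance and security-group names above it, is now used as an IAM role, policy and instance-profile name, where the permitted character set and length are narrower than for a tag value; if the Name tag can carry characters IAM rejects, the fallback should be documented or the override validated. The group comment still reads `// custom names for instances and security groups` although the new local sits under it; suggest `// custom names for instances, security groups and IAM objects`. The `locals` block continues outside the hunk.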

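--- a/main.tf
+++ b/main.tf
@@ -328,13 +328,13 @@ module "cache" {
 ### Trust policy
 ################################################################################
 resource "aws_iam_instance_profile" "instance" {
-name = "${var.environment}-instance-profile"
+name = "${local.name_iam_objects}-instance"
 role = aws_iam_role.instance.name
 tags = local.tags
 }
 
 resource "aws_iam_role" "instance" {
-name = "${var.environment}-instance-role"
+name = "${local.name_iam_objects}-instance"
 assume_role_policy = length(var.instance_role_json) > 0 ? var.instance_role_json : templatefile("${path.module}/policies/instance-role-trust-policy.json", {})
 permissions_boundary = var.permissions_boundary == "" ? null : "${var.arn_format}:iam::${data.aws_caller_identity.current.account_id}:policy/${var.permissions_boundary}"
 tags = merge(local.tags, var.role_tags)
@@ -344,7 +344,7 @@ resource "aws_iam_role" "instance" {
 ### Policies for runner agent instance to create docker machines via spot req.
 ################################################################################
 resource "aws_iam_policy" "instance_docker_machine_policy" {
-name = "${var.environment}-docker-machine"
+name = "${local.name_iam_objects}-docker-machine"
 path = "/"
 description = "Policy for docker machine."
 policy = templatefile("${path.module}/policies/instance-docker-machine-policy.json", {})
@@ -362,7 +362,7 @@ resource "aws_iam_role_policy_attachment" "instance_docker_machine_policy" {
 resource "aws_iam_policy" "instance_session_manager_policy" {
 count = var.enable_runner_ssm_access ? 1 : 0
 
-name = "${var.environment}-session-manager"
+name = "${local.name_iam_objects}-session-manager"
 path = "/"
 description = "Policy session manager."
 policy = templatefile("${path.module}/policies/instance-session-manager-policy.json", {})
@@ -405,14 +405,14 @@ resource "aws_iam_role_policy_attachment" "docker_machine_cache_instance" {
 ### docker machine instance policy
 ################################################################################
 resource "aws_iam_role" "docker_machine" {
-name = "${var.environment}-docker-machine-role"
+name = "${local.name_iam_objects}-docker-machine"
 assume_role_policy = length(var.docker_machine_role_json) > 0 ? var.docker_machine_role_json : templatefile("${path.module}/policies/instance-role-trust-policy.json", {})
 permissions_boundary = var.permissions_boundary == "" ? null : "${var.arn_format}:iam::${data.aws_caller_identity.current.account_id}:policy/${var.permissions_boundary}"
 tags = local.tags
 }
 
 resource "aws_iam_instance_profile" "docker_machine" {
-name = "${var.environment}-docker-machine-profile"
+name = "${local.name_iam_objects}-docker-machine"
 role = aws_iam_role.docker_machine.name
 tags = local.tags
 }
@@ -440,7 +440,7 @@ resource "aws_iam_role_policy_attachment" "docker_machine_session_manager_aws_ma
 resource "aws_iam_policy" "service_linked_role" {
 count = var.allow_iam_service_linked_role_creation ? 1 : 0
 
-name = "${var.environment}-service_linked_role"
+name = "${local.name_iam_objects}-service_linked_role"
 path = "/"
 description = "Policy for creation of service linked roles."
 policy = templatefile("${path.module}/policies/service-linked-role-create-policy.json", { arn_format = var.arn_format })
@@ -464,7 +464,7 @@ resource "aws_eip" "gitlab_runner" {
 resource "aws_iam_policy" "ssm" {
 count = var.enable_manage_gitlab_token ? 1 : 0
 
-name = "${var.environment}-ssm"
+name = "${local.name_iam_objects}-ssm"
 path = "/"
 description = "Policy for runner token param access via SSM"
 policy = templatefile("${path.module}/policies/instance-secure-parameter-role-policy.json", { arn_format = var.arn_format })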
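Review bot: Every renamed `name` in this file forces replacement of the IAM role, instance profile or policy it belongs to, because the suffixes changed along with the prefix (`${var.environment}-instance-role` becomes `${local.name_iam_objects}-instance`, `-instance-profile` and `-docker-machine-profile` become `-instance` and `-docker-machine`), so an existing deployment that upgrades to this commit gets new role and policy ARNs even when it leaves `overrides["name_iam_objects"]` empty. Anything outside this module that references the old ARNs — trust policies, bucket or KMS key policies, presumably — would stop matching, and the commit description does not flag this as a breaking change; a migration note, or keeping the previous suffixes when the override is empty, would avoid the surprise. The same applies to the five later hunks in this file. The `aws_iam_role "instance"` and `aws_iam_policy` bodies continue past their hunks.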

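--- a/variables.tf
+++ b/variables.tf
@@ -567,6 +567,7 @@ variable "overrides" {
 
 default = {
 name_sg = ""
+name_iam_objects = ""
 name_runner_agent_instance = ""
 name_docker_machine_runners = ""
 }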
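Review bot: The new key only takes effect for callers who rely on the default map; a caller that already passes its own `overrides` map without `name_iam_objects` will hit an invalid-index error at `var.overrides["name_iam_objects"]` in locals.tf, since a supplied map is not merged with the default. Worth stating in the variable's description, which sits outside the hunk, that every key must be present, or reading the value with `lookup(var.overrides, "name_iam_objects", "")` so a partial map keeps working. The `variable "overrides"` block starts before the hunk.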
