From 56989bc4dd7d730b5a37a6a41f45dd4ed825d8a5 Mon Sep 17 00:00:00 2001
From: Troy Dieter
Date: Sun, 11 Oct 2020 21:44:21 -0400
Subject: [PATCH] Added permissions_boundary variable, input and added to README describing it.

---
 README.md | 4 ++++
 main.tf | 1 +
 variables.tf | 6 ++++++
 3 files changed, 11 insertions(+)

diff --git a/README.md b/README.md
index e33035d..16c5eb3 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,7 @@ module "lambda-scheduler" {
 rds_schedule = "true"
 default = "{\"mon\": {\"start\": [7], \"stop\": [19]},\"tue\": {\"start\": [7], \"stop\": [19]},\"wed\": {\"start\": [9, 22], \"stop\": [19]},\"thu\": {\"start\": [7], \"stop\": [2,19]}, \"fri\": {\"start\": [7], \"stop\": [19]}, \"sat\": {\"start\": [22]}, \"sun\": {\"stop\": [7]}}"
 time = "Europe/London"
+ permissions_boundary = "arn:aws:iam::AWSACCTID:policy/optional-permissions-boundary-ARN"
 }
 ```
 ## variables
@@ -99,6 +100,9 @@ Default for default is:
 ### time
 Timezone to use for scheduler. Can be 'local', 'gmt' or an Olson timezone from https://gist.github.com/ykessler/3349954. default is 'gmt'. local time is for the AWS region.
 
+### permissions_boundary
+An optional AWS IAM permissions boundary ARN to be attached to the AWS IAM role. default = "".
+
 ### ec2_schedule
 Whether to do scheduling for EC2 instances. default = "true".
 
diff --git a/main.tf b/main.tf
index 2e969e6..355283f 100644
--- a/main.tf
+++ b/main.tf
@@ -16,6 +16,7 @@ resource "aws_cloudwatch_event_target" "check-scheduler-event-lambda-target" {
 # IAM Role for Lambda function
 resource "aws_iam_role" "scheduler_lambda" {
 name = "${var.resource_name_prefix}scheduler_lambda"
+ permissions_boundary = var.permissions_boundary != "" ? var.permissions_boundary : ""
 assume_role_policy = <