Add permissions_boundary_arn variable

Author: oanhnn

README.md

@@ -7,7 +7,7 @@ Terraform module which creates ECS cluster resources on AWS.
 ```hcl
 module "php" {
   source  = "rabiloo/ecs/aws"
-  version = "~> 0.2.1"
+  version = "~> 0.2.2"
 
   name = "app-ecs-cluster"
   capacity_providers = ["FARGATE", "FARGATE_SPOT"]

modules/ecs-execution-role/README.md

@@ -62,6 +62,7 @@ module "task_execution_role" {
 | <a name="input_name"></a> [name](#input\_name) | The name of the IAM role | `string` | n/a | yes |
 | <a name="input_description"></a> [description](#input\_description) | The description of the IAM role | `string` | `"This is a customized role"` | no |
 | <a name="input_path"></a> [path](#input\_path) | The path to the IAM role | `string` | `"/"` | no |
+| <a name="input_permissions_boundary_arn"></a> [permissions\_boundary\_arn](#input\_permissions\_boundary\_arn) | The permissions boundary of the IAM role | `string` | `""` | no |
 | <a name="input_readable_kms_keys_arn"></a> [readable\_kms\_keys\_arn](#input\_readable\_kms\_keys\_arn) | The list KMS key\_id | `list(string)` | `[]` | no |
 | <a name="input_readable_secrets_arn"></a> [readable\_secrets\_arn](#input\_readable\_secrets\_arn) | The list secret ARN | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | The list of tags to apply to the IAM role | `map(string)` | `{}` | no |

modules/ecs-execution-role/main.tf

@@ -73,8 +73,9 @@ module "this" {
   role_description = var.description
   tags             = var.tags
 
-  create_role       = true
-  role_requires_mfa = false
+  create_role                   = true
+  role_requires_mfa             = false
+  role_permissions_boundary_arn = var.permissions_boundary_arn
 
   trusted_role_actions = [
     "sts:AssumeRole",

modules/ecs-execution-role/variables.tf

@@ -47,3 +47,9 @@ variable "readable_secrets_arn" {
   type        = list(string)
   default     = []
 }
+
+variable "permissions_boundary_arn" {
+  description = "The permissions boundary of the IAM role"
+  type        = string
+  default     = ""
+}

modules/ecs-task-role/README.md

@@ -70,6 +70,7 @@ module "task_role" {
 | <a name="input_name"></a> [name](#input\_name) | The name of the IAM role | `string` | n/a | yes |
 | <a name="input_description"></a> [description](#input\_description) | The description of the IAM role | `string` | `"This is a customized role"` | no |
 | <a name="input_path"></a> [path](#input\_path) | The path to the IAM role | `string` | `"/"` | no |
+| <a name="input_permissions_boundary_arn"></a> [permissions\_boundary\_arn](#input\_permissions\_boundary\_arn) | The permissions boundary of the IAM role | `string` | `""` | no |
 | <a name="input_readable_s3_arns"></a> [readable\_s3\_arns](#input\_readable\_s3\_arns) | The list of S3 ARN that can be read from | `list(string)` | <pre>[<br>  "arn:aws:s3:::*"<br>]</pre> | no |
 | <a name="input_sendable_ses_arns"></a> [sendable\_ses\_arns](#input\_sendable\_ses\_arns) | The list of SES domain identity ARN that can be sent from | `list(string)` | <pre>[<br>  "arn:aws:ses:*:*:*"<br>]</pre> | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | The list of tags to apply to the IAM role | `map(string)` | `{}` | no |

modules/ecs-task-role/main.tf

@@ -121,8 +121,9 @@ module "this" {
   role_description = var.description
   tags             = var.tags
 
-  create_role       = true
-  role_requires_mfa = false
+  create_role                   = true
+  role_requires_mfa             = false
+  role_permissions_boundary_arn = var.permissions_boundary_arn
 
   trusted_role_actions = [
     "sts:AssumeRole",

modules/ecs-task-role/variables.tf

@@ -36,6 +36,12 @@ variable "description" {
   default     = "This is a customized role"
 }
 
+variable "permissions_boundary_arn" {
+  description = "The permissions boundary of the IAM role"
+  type        = string
+  default     = ""
+}
+
 variable "writable_s3_arns" {
   description = "The list of S3 ARN that can be written to"
   type        = list(string)