Hi,
I just started to use this module. But for our use case, other than lambda:UpdateFunctionCode, we are using several other policies as well. I'd like to make a suggestion to include role_policy_arns so that we can attach that policy to it.
module "lamda_gha" {
source = "philips-labs/github-oidc/aws"
version = "~> 0.7.0"
count = var.create_github_actions_role ? 1 : 0
openid_connect_provider_arn = var.create_github_actions_oidc_provider ? module.oidc_provider[0].openid_connect_provider.arn : data.aws_iam_openid_connect_provider.github.arn
repo = var.github_repo.repo
role_name = var.github_repo.role_name
github_environments = var.github_repo.environments
+ role_policy_arns = var.attach_policy ? [var.role_policy_arns] : []
default_conditions = var.default_conditions
conditions = length(var.github_repo.branches) != 0 ? [
{
test = "StringLike"
variable = "token.actions.githubusercontent.com:sub"
values = [for branch in var.github_repo.branches : "repo:${var.github_repo.repo}:ref:refs/heads/${branch}"]
},
] : []
}
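Review bot: on the added `role_policy_arns` line, `[var.role_policy_arns]` wraps a plurally named variable in a list, so if that variable already holds a list of ARNs the result is a nested list; pass `var.role_policy_arns` directly, or rename the variable if it is meant to hold a single ARN. Separately, when `var.github_repo.branches` is empty the `conditions` argument becomes `[]` and only `default_conditions` limits which workflows can assume the role, so every policy attached through this input is granted to whatever those defaults allow; keep the attached policies narrowly scoped, or require a non-empty branch list whenever `attach_policy` is true.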