feat: add user_policy_document parameter

This parameter allows the user to specify policies that are applied to the S3 bucket with the policies defined by this module. Closes: cloudposse#115
dod38fr · Jun 1, 2023 · 3f01190 · 3f01190
1 parent 99453cc
commit 3f01190
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -56,6 +56,8 @@ data "aws_region" "current" {}
 data "aws_iam_policy_document" "bucket_policy" {
   count = local.enabled ? 1 : 0
 
+  source_policy_documents = var.user_policy_documents
+
   dynamic "statement" {
     for_each = local.prevent_unencrypted_uploads ? ["true"] : []
 

diff --git a/variables.tf b/variables.tf
@@ -189,3 +189,9 @@ variable "permissions_boundary" {
   default     = ""
   description = "ARN of the policy that is used to set the permissions boundary for the IAM replication role"
 }
+
+variable "user_policy_documents" {
+  type        = list(string)
+  default     = []
+  description = "List of IAM policy documents (in JSON format) to attach to the S3 bucket in addition of the policies created by this module."
+}