feat: allow passing in accessors

README.md

@@ -44,6 +44,7 @@ Comment in these badges if they apply to the repository.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_accessors_read_write"></a> [accessors\_read\_write](#input\_accessors\_read\_write) | List of accessors that are allowed to read & write. | `list(string)` | `[]` | no |
 | <a name="input_bypass_policy_lockout_safety_check"></a> [bypass\_policy\_lockout\_safety\_check](#input\_bypass\_policy\_lockout\_safety\_check) | A flag to indicate whether to bypass the aws\_efs\_file\_system\_policy lockout safety check. | `bool` | `false` | no |
 | <a name="input_enable_enhanced_backups"></a> [enable\_enhanced\_backups](#input\_enable\_enhanced\_backups) | Enable enhanced backups. | `bool` | `false` | no |
 | <a name="input_encrypted"></a> [encrypted](#input\_encrypted) | If true, the disk will be encrypted. | `bool` | `true` | no |

data.tf

@@ -18,8 +18,11 @@ data "aws_iam_policy_document" "main" {
     }
 
     principals {
-      type        = "AWS"
-      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
+      type = "AWS"
+      identifiers = coalescelist(
+        ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"],
+        var.accessors_read_write
+      )
     }
   }
 }

variables.tf

@@ -68,3 +68,9 @@ variable "transition_to_primary_storage_class" {
   description = "Describes the policy used to transition a file from infequent access storage to primary storage. Only AFTER_1_ACCESS is accepted"
   type        = string
 }
+
+variable "accessors_read_write" {
+  default     = []
+  description = "List of accessors that are allowed to read & write."
+  type        = list(string)
+}