feat(module): add default value [] to input variable assume_role_account_names

2025-04-12 08:53:00 +02:00 · 2025-04-12 08:53:00 +02:00 · 998b78cbe6
commit 998b78cbe6
parent a046131bd2
3 changed files with 52 additions and 40 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,8 +2,14 @@

 All notable changes to this project will be documented in this file.

+## 1.0.1 - 2025-04-12
+
+### Added
+
+- Added default value `[]` to input variable `assume_role_account_names`.
+
 ## 1.0.0 - 2025-04-11

 ### Added

- initial import
+- Initial import.
--- a/main.tf
+++ b/main.tf
@ -1,9 +1,10 @@
 data "aws_organizations_organization" "main" {}

 locals {
-  aws_account_ids = { for info in data.aws_organizations_organization.main.accounts :
+  aws_account_ids = length(var.assume_role_account_names) > 0 ? {
+    for info in data.aws_organizations_organization.main.accounts :
    info.name => info.id
-  }
+  } : {}
 }

 resource "aws_iam_user" "main" {
@ -14,7 +15,8 @@ resource "aws_iam_user" "main" {
 resource "aws_iam_user_policy" "main" {
  name = var.name
  policy = jsonencode({
-    Statement = concat([
+    Statement = concat(
+      length(var.assume_role_account_names) > 0 ? [
        { # Assume roles in AWS sub-accounts
          Action = "sts:AssumeRole"
          Effect = "Allow"
@ -25,7 +27,9 @@ resource "aws_iam_user_policy" "main" {
              var.name,
            )
          ]
-      },
+        }
+      ] : [],
+      [
        {
          Action = [
            # Manage the user's own IAM access key
@ -50,7 +54,8 @@ resource "aws_iam_user_policy" "main" {
          Effect   = "Allow"
          Resource = "*"
        },
-    ])
+      ]
+    )
    Version = "2012-10-17"
  })
  user = aws_iam_user.main.name
--- a/variables.tf
+++ b/variables.tf
@ -1,4 +1,5 @@
 variable "assume_role_account_names" {
+  default     = []
  description = "The names of the AWS sub-accounts this IAM user can assume roles in."
  nullable    = false
  type        = list(string)