terraform-aws-elastic-beanstalk-environment
terraform-aws-elastic-beanstalk-environment copied to clipboard
Published
20 hours ago •
cloudposse
cloudposse
Allow use of existing IAM role for EC2 instance profile
trafficstars
What
- Enhancement of #107 , due to original developer seemingly abandoning the original PR.
- Adds
service_role_nameas another 'override', likeinstance_role_nameis in the original PR.
- Adds
- Allow the user of the module to specify an existing IAM Role name for the instance profile.
- Allow the user of the module to specify an existing IAM Role name for the service profile.
- This IAM role name will be used to create the instance profile that is assigned to the EC2 instances managed by Elastic Beanstalk.
Why
- Some environments/users do not have the ability to create their own IAM roles/policies, for security reasons. This change allows a user to provide their own IAM role if one already exists.
- Currently the module creates an IAM role and a series of permissions for the role.
- It is not possible to specify what permissions to use
- It is not possible to edit the permissions that are created
- This limitation severely limits the capability of the EC2 instances if they require other permissions to operate.
References
- closes #70
- closes #107
Thanks for PR @bstascavage. We do have tests in this module, can you take a look at them and extend them to test new functionality?
This pull request is now in conflict. Could you fix it @bstascavage? 🙏
![mergify[bot] avatar](https://avatars.githubusercontent.com/in/10562?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hello @bstascavage and thank you for your PR.
This feature would be a great enhancement to the module, i would be glad to help for reviewing it with Cloudposse team.
Are you still working on this ?
