Add custom policy attachment as an accepted variable
ahinh43 committed Aug 24, 2022
1 parent ed06314 commit 4aaa0b8
Showing 3 changed files with 15 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -32,6 +32,7 @@ No modules.
| [aws_iam_role_policy.customPolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_iam_role_policy_attachment.AdministratorAccess](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.PowerUserAccess](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.customPolicyAttachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_openid_connect_provider.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source |
| [aws_iam_policy_document.PowerUserIAMAccess](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
Expand All @@ -43,6 +44,7 @@ No modules.
|------|-------------|------|---------|:--------:|
| <a name="input_custom_repository_identifiers"></a> [custom\_repository\_identifiers](#input\_custom\_repository\_identifiers) | List of custom repository identifiers to attach to the assume role policy instead. For advanced users. This overwrties the repository variables. The list must contain full 'repo:' line instead of the short name. Can accept multiple lines for multiple repositories and/or branch rules. | `list(string)` | `null` | no |
| <a name="input_extra_iam_policies"></a> [extra\_iam\_policies](#input\_extra\_iam\_policies) | Optional list of IAM policy JSON encoded strings to attach as inline role policies to the new role. When creating multiple policies, the policy name must not overlap. | <pre>list(object({<br> policy_name = string<br> policy_object = string<br> }))</pre> | `[]` | no |
| <a name="input_extra_iam_policy_attachments"></a> [extra\_iam\_policy\_attachments](#input\_extra\_iam\_policy\_attachments) | Optional list of IAM policy ARNs to attach to the role. | `list(string)` | `[]` | no |
| <a name="input_preset_permission_level"></a> [preset\_permission\_level](#input\_preset\_permission\_level) | Preset permission level to attach to the IAM role. Can be either 'FullAdministrator', 'PowerUserWithIAM', 'PowerUser', or 'None'. Defaults to 'None' | `string` | `"None"` | no |
| <a name="input_repository_access_branch"></a> [repository\_access\_branch](#input\_repository\_access\_branch) | The branch name that is allowed to use the IAM role. Required if repository\_access\_type is set to 'branch'. | `string` | `""` | no |
| <a name="input_repository_access_type"></a> [repository\_access\_type](#input\_repository\_access\_type) | Level of access to grant the repository. Set to 'branch' to grant access to only one branch or 'all' to grant access to all branches. Defaults to 'all' | `string` | `"all"` | no |
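Review bot: the description of `extra_iam_policy_attachments` in this hunk should state that these attachments are additive to whatever `preset_permission_level` and `extra_iam_policies` already grant, and that the ARN may name any AWS-managed or customer-managed policy, including one broader than the chosen preset; read next to the `extra_iam_policies` row a user cannot tell whether the two inputs are alternatives or combine. Suggested wording: "Optional list of managed IAM policy ARNs (AWS-managed or customer-managed) to attach to the role, in addition to the preset and any inline policies." The unchanged `custom_repository_identifiers` row still reads 'overwrties'; worth correcting while the table is regenerated.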
7 changes: 7 additions & 0 deletions main.tf
Expand Up @@ -65,3 +65,10 @@ resource "aws_iam_role_policy" "customPolicy" {
role = aws_iam_role.main.name
policy = each.value.policy_object
}


resource "aws_iam_role_policy_attachment" "customPolicyAttachment" {
for_each = length(var.extra_iam_policy_attachments) > 0 ? toset(var.extra_iam_policy_attachments) : []
role = aws_iam_role.main.name
policy_arn = each.value
}
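Review bot: the conditional in `for_each` is redundant and mixes types: `toset(var.extra_iam_policy_attachments)` is already an empty set when the list is empty, and `for_each` over an empty set creates no instances, while the false branch `[]` is an empty tuple, so the two branches are not of the same type. `for_each = toset(var.extra_iam_policy_attachments)` is sufficient. Two caveats deserve a comment on the resource: because each ARN becomes the instance key, every element must be known at plan time (an ARN taken from an `aws_iam_policy` created in the same apply will fail with Terraform's "for_each value depends on resource attributes that cannot be determined until apply" error, forcing a targeted or two-step apply), and the module cannot assess what the referenced policy grants, so a caller can pass `arn:aws:iam::aws:policy/AdministratorAccess` here regardless of what `preset_permission_level` was set to.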
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -49,3 +49,9 @@ variable "extra_iam_policies" {
default = []
}

variable "extra_iam_policy_attachments" {
description = "Optional list of IAM policy ARNs to attach to the role."
type = list(string)
default = []
}
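Review bot: add a `validation` block to this variable so malformed entries are rejected at plan time rather than by the IAM API at apply; without it a caller who supplies a bare policy name (as the inline `extra_iam_policies` input trains them to do) only learns about it mid-apply. For example: `condition = alltrue([for arn in var.extra_iam_policy_attachments : can(regex("^arn:aws[a-zA-Z-]*:iam::(aws|[0-9]{12}):policy/", arn))])` with `error_message = "Each entry must be a managed IAM policy ARN."`. Consider also declaring the type as `set(string)` instead of `list(string)`, which makes the deduplication that `toset` performs in main.tf part of the documented interface rather than an implementation detail.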
