diff --git a/README.md b/README.md index 3e2b7c1..d6d13e5 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ No modules. | [aws_iam_role_policy.customPolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | | [aws_iam_role_policy_attachment.AdministratorAccess](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.PowerUserAccess](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.customPolicyAttachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_iam_openid_connect_provider.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source | | [aws_iam_policy_document.PowerUserIAMAccess](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | @@ -43,6 +44,7 @@ No modules. |------|-------------|------|---------|:--------:| | [custom\_repository\_identifiers](#input\_custom\_repository\_identifiers) | List of custom repository identifiers to attach to the assume role policy instead. For advanced users. This overwrties the repository variables. The list must contain full 'repo:' line instead of the short name. Can accept multiple lines for multiple repositories and/or branch rules. | `list(string)` | `null` | no | | [extra\_iam\_policies](#input\_extra\_iam\_policies) | Optional list of IAM policy JSON encoded strings to attach as inline role policies to the new role. When creating multiple policies, the policy name must not overlap. |
list(object({
policy_name = string
policy_object = string
}))
| `[]` | no | +| [extra\_iam\_policy\_attachments](#input\_extra\_iam\_policy\_attachments) | Optional list of IAM policy ARNs to attach to the role. | `list(string)` | `[]` | no | | [preset\_permission\_level](#input\_preset\_permission\_level) | Preset permission level to attach to the IAM role. Can be either 'FullAdministrator', 'PowerUserWithIAM', 'PowerUser', or 'None'. Defaults to 'None' | `string` | `"None"` | no | | [repository\_access\_branch](#input\_repository\_access\_branch) | The branch name that is allowed to use the IAM role. Required if repository\_access\_type is set to 'branch'. | `string` | `""` | no | | [repository\_access\_type](#input\_repository\_access\_type) | Level of access to grant the repository. Set to 'branch' to grant access to only one branch or 'all' to grant access to all branches. Defaults to 'all' | `string` | `"all"` | no | diff --git a/main.tf b/main.tf index 84bc56a..834ed21 100644 --- a/main.tf +++ b/main.tf @@ -65,3 +65,10 @@ resource "aws_iam_role_policy" "customPolicy" { role = aws_iam_role.main.name policy = each.value.policy_object } + + +resource "aws_iam_role_policy_attachment" "customPolicyAttachment" { + for_each = length(var.extra_iam_policy_attachments) > 0 ? toset(var.extra_iam_policy_attachments) : [] + role = aws_iam_role.main.name + policy_arn = each.value +} diff --git a/variables.tf b/variables.tf index 53ac5f7..da3f308 100644 --- a/variables.tf +++ b/variables.tf @@ -49,3 +49,9 @@ variable "extra_iam_policies" { default = [] } +variable "extra_iam_policy_attachments" { + description = "Optional list of IAM policy ARNs to attach to the role." + type = list(string) + default = [] +} +
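Review bot: the new `extra_iam_policy_attachments` row in the inputs table does not say how it differs from `extra_iam_policies` (managed policies attached by ARN versus inline policies created from JSON strings), nor that everything attached here is granted to every repository or branch identity the role's trust policy admits, on top of `preset_permission_level`; one sentence on each would save users from conflating the two inputs. While this table is being touched, the pre-existing typo "overwrties" in the `custom_repository_identifiers` row could become "overwrites". If the README is generated with terraform-docs, as the `#input\_` anchors and "No modules." suggest, both wording fixes belong in the `description` fields in variables.tf followed by a regeneration rather than a hand edit here.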
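Review bot: the `for_each` expression in the new `aws_iam_role_policy_attachment.customPolicyAttachment` block mixes result types: the true branch is `toset(var.extra_iam_policy_attachments)`, a `set(string)`, while the false branch is the empty tuple `[]`, and Terraform requires both branches of a conditional to convert to one common type. The conditional is also redundant, because `toset([])` is an empty set and `for_each` over an empty set simply creates no instances, so `for_each = toset(var.extra_iam_policy_attachments)` is both shorter and type-safe. Worth documenting alongside: the ARN becomes the instance key, so every value must be known at plan time, and passing the ARN of an `aws_iam_policy` created in the same apply fails with Terraform's "cannot be determined until apply" error for `for_each`. Style point: the hunk adds two blank `+` lines before the block, leaving a double blank line after `aws_iam_role_policy.customPolicy` where the rest of the file uses one.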
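Review bot: `variable "extra_iam_policy_attachments"` accepts any string, so a typo, a policy name instead of an ARN, or an ARN for a non-IAM service only surfaces at apply time as an IAM API error; a `validation` block catches it at plan time, for example `condition = alltrue([for arn in var.extra_iam_policy_attachments : can(regex("^arn:aws[a-z-]*:iam::(aws|[0-9]{12}):policy/", arn))])` with an `error_message` naming the expected format (this pattern admits AWS-managed and account policies across the `aws`, `aws-cn` and `aws-us-gov` partitions). The description could also state that these are managed-policy attachments, to contrast with the inline `extra_iam_policies` variable immediately above it. Minor: the final `+` line adds a trailing blank line at end of file that the preceding `extra_iam_policies` block does not have.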