Added output with which policy ARNs are applied (#3)

Co-authored-by: dmattia <[email protected]>
transcend-io · Aug 3, 2020 · e03b9d8 · e03b9d8
1 parent bd7a980
commit e03b9d8
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 4 deletions.
diff --git a/execution_role.tf b/execution_role.tf
@@ -14,6 +14,13 @@ resource "aws_iam_role" "execution_role" {
   assume_role_policy = data.aws_iam_policy_document.ecs_cloudwatch_doc.json
 }
 
+locals {
+  policy_arns = concat(
+    var.additional_task_policy_arns,
+    ["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"]
+  )
+}
+
 /**
  * This resource code seems pretty gross, but 'tis the way it has to be.
  *
@@ -32,8 +39,5 @@ resource "aws_iam_role" "execution_role" {
 resource "aws_iam_role_policy_attachment" "ecs_role_policy" {
   count = var.additional_task_policy_arns_count + 1
   role  = aws_iam_role.execution_role.name
-  policy_arn = concat(
-    var.additional_task_policy_arns,
-    ["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"]
-  )[count.index]
+  policy_arn = local.policy_arns[count.index]
 }
diff --git a/outputs.tf b/outputs.tf
@@ -1,4 +1,9 @@
 output "role_arn" {
   value = aws_iam_role.execution_role.arn
   description = "Arn of the task execution role"
+}
+
+output "policy_arns" {
+  value = local.policy_arns
+  description = "Amazon resource names of all policies set on the IAM Role execution task"
 }