terraform-aws-modules · antonbabenko · Oct 13, 2022 · Oct 12, 2022 · Oct 12, 2022 · Oct 12, 2022
diff --git a/examples/github-complete/main.tf b/examples/github-complete/main.tf
@@ -78,6 +78,10 @@ module "atlantis" {
   # Trusted roles
   trusted_principals = ["ssm.amazonaws.com"]
 
+  # IAM role options
+  permissions_boundary = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/cloud/developer-boundary-policy"
+  path = "/delegatedadmin/developer/"
+
   # Atlantis
   atlantis_github_user       = var.github_user
   atlantis_github_user_token = var.github_token

diff --git a/main.tf b/main.tf
@@ -534,6 +534,7 @@ resource "aws_iam_role" "ecs_task_execution" {
   assume_role_policy   = data.aws_iam_policy_document.ecs_tasks.json
   max_session_duration = var.max_session_duration
   permissions_boundary = var.permissions_boundary
+  path                 = var.path
 
   tags = local.tags
 }

diff --git a/variables.tf b/variables.tf
@@ -305,6 +305,12 @@ variable "permissions_boundary" {
   default     = null
 }
 
+variable "path" {
+  description = "If provided, all IAM roles will be created with this path."
+  type        = string
+  default     = "/"
+}
+
 variable "policies_arn" {
   description = "A list of the ARN of the policies you want to apply"
   type        = list(string)