* fix to use step function arn for enrichment

Engerim · Engerim · commit 08fc230680aa · 2025-01-16T13:18:28.000+01:00
* add variable to allow only pipe role creation
diff --git a/iam.tf b/iam.tf
@@ -1,7 +1,7 @@
 locals {
   create_role           = var.create && var.create_role
   create_pipes          = var.create && var.create_pipes
-  create_role_for_pipes = local.create_pipes && var.create_role
+  create_role_for_pipes = local.create_pipes && var.create_role ? true : var.create_pipe_role_only
 
   # Defaulting to "*" (an invalid character for an IAM Role name) will cause an error when
   # attempting to plan if the role_name and bus_name are not set. This is a workaround
diff --git a/iam_pipes.tf b/iam_pipes.tf
@@ -33,7 +33,7 @@ locals {
           matching_services = ["lambda"]
         },
         step_functions = {
-          values            = [v.target, try(aws_cloudwatch_event_api_destination.this[v.enrichment].arn, null)],
+          values            = [v.target, try(v.enrichment, null)],
           matching_services = ["states"]
         },
         api_gateway = {
diff --git a/variables.tf b/variables.tf
@@ -10,6 +10,12 @@ variable "create_role" {
   default     = true
 }
 
+variable "create_pipe_role_only" {
+  description = "Controls whether an IAM role should be created for the pipes only"
+  type        = bool
+  default     = false
+}
+
 variable "append_rule_postfix" {
   description = "Controls whether to append '-rule' to the name of the rule"
   type        = bool
