Updating Role name for SSM

Rajeev Jaggavarapu · Rajeev Jaggavarapu · commit 386c34809a44 · 2020-12-17T12:09:09.000+05:30
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,34 @@
-.terraform
-*.tfstate*
-*.tfvars*
-other_vars.tf
-provider.tf
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,8 @@
 repos:
 - repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.27.0
+  rev: v1.43.0
   hooks:
     - id: terraform_fmt
     - id: terraform_docs
+    - id: checkov
+    - id: terraform_tfsec
diff --git a/README.md b/README.md
@@ -39,6 +39,7 @@ module "ssm_resources" {
 | default\_user | operating system user name for starting sessions | `string` | `"ec2-user"` | no |
 | enable\_log\_to\_cloudwatch | Enable Session Manager to Log to CloudWatch Logs | `bool` | `true` | no |
 | kms\_key | KMS Key Details | `map(string)` | <pre>{<br>  "deletion_window_in_days": 7,<br>  "description": "CMK for cloudwath logs and session",<br>  "name": "ssm-cmk-key"<br>}</pre> | no |
+| role\_name | Name of the Role | `string` | `""` | no |
 | run\_as\_enabled | Do you want to use Specify Operating System user for sessions | `bool` | `true` | no |
 | tags | A map of tags to add to all resources | `map(string)` | `{}` | no |
 
diff --git a/main.tf b/main.tf
@@ -48,7 +48,7 @@ resource "aws_cloudwatch_log_group" "session_manager_log_group" {
 
 # Create EC2 Instance Role for SSM
 resource "aws_iam_role" "ssm_role" {
-  name = "SessionManagerRole"
+  name = format("%s-SessionManagerRole", var.role_name)
   path = "/"
   tags = var.tags
 
diff --git a/variables.tf b/variables.tf
@@ -49,3 +49,9 @@ variable "create_ssm_document" {
   description = "Do you want to create SSM Document"
   default     = true
 }
+
+variable "role_name" {
+  type        = string
+  description = "Name of the Role"
+  default     = ""
+}
