feat: add node_iam_additional_policies variable

Allows consumers to attach additional IAM policies to the managed
node group role. Defaults to empty map for backward compatibility.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: kav

main.tf

@@ -202,7 +202,8 @@ module "eks" {
           }
         }
       }
-      taints = var.initial_node_taints
+      taints                       = var.initial_node_taints
+      iam_role_additional_policies = var.node_iam_additional_policies
     }
   } : {}
   access_entries = merge(local.admin_access_entries, local.ro_access_entries, local.extra_access_entries)

variables.tf

@@ -193,3 +193,8 @@ variable "vpc_endpoints" {
   description = "vpc endpoints within the cluster vpc network, note: this only works when using the internal created VPC"
   default     = []
 }
+variable "node_iam_additional_policies" {
+  type        = map(string)
+  default     = {}
+  description = "Map of IAM policy name to ARN to attach to the managed node group IAM role."
+}