add the additional_assume_role_principals param for cluster iam role

Author: apetrosyan1613

README.md

@@ -428,6 +428,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
 | <a name="input_create_cluster_security_group"></a> [create\_cluster\_security\_group](#input\_create\_cluster\_security\_group) | Determines if a security group is created for the cluster. Note: the EKS service creates a primary security group for the cluster by default | `bool` | `true` | no |
 | <a name="input_create_cni_ipv6_iam_policy"></a> [create\_cni\_ipv6\_iam\_policy](#input\_create\_cni\_ipv6\_iam\_policy) | Determines whether to create an [`AmazonEKS_CNI_IPv6_Policy`](https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html#cni-iam-role-create-ipv6-policy) | `bool` | `false` | no |
 | <a name="input_create_iam_role"></a> [create\_iam\_role](#input\_create\_iam\_role) | Determines whether an IAM role is created for the cluster | `bool` | `true` | no |
+| <a name="input_additional_assume_role_principals"></a> [additional\_assume\_role\_principals](#input\_additional\_assume\_principals) | List of additional principals to allow assuming the role | `list(object)` | `[]` | no |
 | <a name="input_create_kms_key"></a> [create\_kms\_key](#input\_create\_kms\_key) | Controls if a KMS key for cluster encryption should be created | `bool` | `true` | no |
 | <a name="input_create_node_iam_role"></a> [create\_node\_iam\_role](#input\_create\_node\_iam\_role) | Determines whether an EKS Auto node IAM role is created | `bool` | `true` | no |
 | <a name="input_create_node_security_group"></a> [create\_node\_security\_group](#input\_create\_node\_security\_group) | Determines whether to create a security group for the node groups or use the existing `node_security_group_id` | `bool` | `true` | no |

main.tf

@@ -489,6 +489,16 @@ data "aws_iam_policy_document" "assume_role_policy" {
       }
     }
   }
+  dynamic "statement" {
+    for_each = var.additional_assume_role_principals
+    content {
+      actions = statement.value.actions
+      principals {
+        type        = statement.value.type
+        identifiers = statement.value.identifiers
+      }
+    }
+  }
 }
 
 resource "aws_iam_role" "this" {

variables.tf

@@ -548,6 +548,16 @@ variable "enable_auto_mode_custom_tags" {
   default     = true
 }
 
+variable "additional_assume_role_principals" {
+  description = "List of additional principals to allow assuming the role"
+  type = list(object({
+    type        = string
+    identifiers = list(string)
+    actions     = optional(list(string), ["sts:AssumeRole"])
+  }))
+  default = []
+}
+
 ################################################################################
 # EKS Addons
 ################################################################################