From e955e40f34c7328f8660c86b56a08884ac6665a5 Mon Sep 17 00:00:00 2001
From: hedinasr <hedi.nasr@sonarsource.com>
Date: Fri, 6 Jun 2025 14:18:05 +0200
Subject: [PATCH] feat: add iam_policy_path var for aws_iam_policy.custom

---
 README.md    | 1 +
 main.tf      | 2 +-
 variables.tf | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 4a511ae8bf..cd6f031329 100644
--- a/README.md
+++ b/README.md
@@ -444,6 +444,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
 | <a name="input_enable_security_groups_for_pods"></a> [enable\_security\_groups\_for\_pods](#input\_enable\_security\_groups\_for\_pods) | Determines whether to add the necessary IAM permission policy for security groups for pods | `bool` | `true` | no |
 | <a name="input_fargate_profile_defaults"></a> [fargate\_profile\_defaults](#input\_fargate\_profile\_defaults) | Map of Fargate Profile default configurations | `any` | `{}` | no |
 | <a name="input_fargate_profiles"></a> [fargate\_profiles](#input\_fargate\_profiles) | Map of Fargate Profile definitions to create | `any` | `{}` | no |
+| <a name="input_iam_policy_path"></a> [iam\_policy\_path](#input\_iam\_policy\_path) | The IAM policy path | `string` | `null` | no |
 | <a name="input_iam_role_additional_policies"></a> [iam\_role\_additional\_policies](#input\_iam\_role\_additional\_policies) | Additional policies to be added to the IAM role | `map(string)` | `{}` | no |
 | <a name="input_iam_role_arn"></a> [iam\_role\_arn](#input\_iam\_role\_arn) | Existing IAM role ARN for the cluster. Required if `create_iam_role` is set to `false` | `string` | `null` | no |
 | <a name="input_iam_role_description"></a> [iam\_role\_description](#input\_iam\_role\_description) | Description of the role | `string` | `null` | no |
diff --git a/main.tf b/main.tf
index c10d79608d..579d16b094 100644
--- a/main.tf
+++ b/main.tf
@@ -703,7 +703,7 @@ resource "aws_iam_policy" "custom" {
 
   name        = var.iam_role_use_name_prefix ? null : local.iam_role_name
   name_prefix = var.iam_role_use_name_prefix ? "${local.iam_role_name}-" : null
-  path        = var.iam_role_path
+  path        = var.iam_policy_path
   description = var.iam_role_description
 
   policy = data.aws_iam_policy_document.custom[0].json
diff --git a/variables.tf b/variables.tf
index b4881b2988..e2830db99c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -475,6 +475,12 @@ variable "iam_role_use_name_prefix" {
   default     = true
 }
 
+variable "iam_policy_path" {
+  description = "The IAM policy path"
+  type        = string
+  default     = null
+}
+
 variable "iam_role_path" {
   description = "The IAM role path"
   type        = string