feat: Added support for custom role_arn in targets (#42)

Author: antonbabenko

examples/with-api-destination/README.md

@@ -27,6 +27,7 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Version |
 |------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.44 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 3.0 |
 
 ## Modules
@@ -39,7 +40,9 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Type |
 |------|------|
+| [aws_iam_role.eventbridge](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
+| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 
 ## Inputs
 

examples/with-api-destination/main.tf

@@ -33,7 +33,7 @@ module "eventbridge" {
       {
         name            = "send-orders-to-requestbin"
         destination     = "requestbin"
-        attach_role_arn = true
+        attach_role_arn = aws_iam_role.eventbridge.arn
       },
       {
         name            = "send-orders-to-github"
@@ -164,3 +164,20 @@ module "eventbridge" {
 resource "random_pet" "this" {
   length = 2
 }
+
+resource "aws_iam_role" "eventbridge" {
+  name               = "${random_pet.this.id}-role"
+  assume_role_policy = data.aws_iam_policy_document.assume_role.json
+}
+
+data "aws_iam_policy_document" "assume_role" {
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["events.amazonaws.com"]
+    }
+  }
+}

main.tf

@@ -65,7 +65,8 @@ resource "aws_cloudwatch_event_target" "this" {
   rule = each.value.Name
   arn  = lookup(each.value, "destination", null) != null ? aws_cloudwatch_event_api_destination.this[each.value.destination].arn : each.value.arn
 
-  role_arn   = lookup(each.value, "attach_role_arn", null) != null ? try(aws_iam_role.eventbridge[0].arn, "") : null
+  role_arn = can(length(each.value.attach_role_arn) > 0) ? each.value.attach_role_arn : (try(each.value.attach_role_arn, null) == true ? aws_iam_role.eventbridge[0].arn : null)
+
   target_id  = lookup(each.value, "target_id", null)
   input      = lookup(each.value, "input", null)
   input_path = lookup(each.value, "input_path", null)