fix: Add missing condition role_session_name when assuming a role (#418)

gw0 · web-flow · commit 89d011ee19fc · 2023-08-30T11:16:45.000+02:00
diff --git a/modules/iam-assumable-role/main.tf b/modules/iam-assumable-role/main.tf
@@ -55,6 +55,15 @@ data "aws_iam_policy_document" "assume_role" {
         values   = local.role_sts_externalid
       }
     }
+
+    dynamic "condition" {
+      for_each = var.role_requires_session_name ? [1] : []
+      content {
+        test     = "StringEquals"
+        variable = "sts:RoleSessionName"
+        values   = var.role_session_name
+      }
+    }
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,15 @@ data "aws_iam_policy_document" "assume_role" {`
`55`	`55`	`values = local.role_sts_externalid`
`56`	`56`	`}`
`57`	`57`	`}`
	`58`	`+`
	`59`	`+ dynamic "condition" {`
	`60`	`+ for_each = var.role_requires_session_name ? [1] : []`
	`61`	`+ content {`
	`62`	`+ test = "StringEquals"`
	`63`	`+ variable = "sts:RoleSessionName"`
	`64`	`+ values = var.role_session_name`
	`65`	`+ }`
	`66`	`+ }`
`58`	`67`	`}`
`59`	`68`	`}`
`60`	`69`