Add iam_deploy option, defaults to true

Author: gozer

README.md

@@ -138,6 +138,7 @@ Here's the gist of using it directly from github.
 | bucket | Backup and Restore bucket. | `string` | n/a | yes |
 | cluster\_name | Cluster name. | `string` | n/a | yes |
 | description | Namespace description | `string` | `"velero-back-up-and-restore"` | no |
+| iam\_deploy | whther or not to deploy iam role | `bool` | `true` | no |
 | name | namespace name | `string` | `"velero"` | no |
 | namespace\_deploy | whther or not to deploy namespace | `bool` | `false` | no |
 | openid\_connect\_provider\_uri | OpenID Connect Provider for EKS to enable IRSA. | `string` | n/a | yes |
@@ -157,10 +158,10 @@ Here's the gist of using it directly from github.
 
 <!-- START makefile-doc -->
 ```
-$ make help
+$ make help 
 hooks                          Commit hooks setup
 validate                       Validate with pre-commit hooks
-changelog                      Update changelog
+changelog                      Update changelog 
 ```
 <!-- END makefile-doc -->
 

iam.tf

@@ -62,6 +62,7 @@ data aws_iam_policy_document policy {
 }
 
 resource aws_iam_role this {
+  count              = var.iam_deploy ? 1 : 0
   name               = format("%s-%s", var.cluster_name, var.name)
   assume_role_policy = data.aws_iam_policy_document.assume_role.json
   tags = merge(var.tags,
@@ -72,7 +73,8 @@ resource aws_iam_role this {
 }
 
 resource aws_iam_role_policy this {
+  count  = var.iam_deploy ? 1 : 0
   name   = format("%s-%s", var.cluster_name, var.name)
-  role   = aws_iam_role.this.id
+  role   = element(aws_iam_role.this.*.id, 0)
   policy = data.aws_iam_policy_document.policy.json
 }

variables.tf

@@ -15,6 +15,12 @@ variable "app_deploy" {
   type        = bool
 }
 
+variable "iam_deploy" {
+  default     = true
+  description = "whther or not to deploy iam role"
+  type        = bool
+}
+
 variable "name" {
   default     = "velero"
   description = "namespace name"