Merge pull request #3 from gozer/issue/2/iam_deploy

Add iam_deploy option, defaults to true

Author: ivankatliarchuk

README.md

@@ -138,6 +138,7 @@ Here's the gist of using it directly from github.
 | bucket | Backup and Restore bucket. | `string` | n/a | yes |
 | cluster\_name | Cluster name. | `string` | n/a | yes |
 | description | Namespace description | `string` | `"velero-back-up-and-restore"` | no |
+| iam\_deploy | whther or not to deploy iam role | `bool` | `true` | no |
 | iam\_role\_name | Name of the Velero IAM role | `string` | `""` | no |
 | name | namespace name | `string` | `"velero"` | no |
 | namespace\_deploy | whther or not to deploy namespace | `bool` | `false` | no |

iam.tf

@@ -62,7 +62,9 @@ data aws_iam_policy_document policy {
 }
 
 resource aws_iam_role this {
+  count              = var.iam_deploy ? 1 : 0
   name               = var.iam_role_name == "" ? format("%s-%s", var.cluster_name, var.name) : var.iam_role_name
+
   assume_role_policy = data.aws_iam_policy_document.assume_role.json
   tags = merge(var.tags,
     { Attached = var.name },
@@ -72,7 +74,8 @@ resource aws_iam_role this {
 }
 
 resource aws_iam_role_policy this {
+  count  = var.iam_deploy ? 1 : 0
   name   = format("%s-%s", var.cluster_name, var.name)
-  role   = aws_iam_role.this.id
+  role   = element(aws_iam_role.this.*.id, 0)
   policy = data.aws_iam_policy_document.policy.json
 }

variables.tf

@@ -15,6 +15,12 @@ variable "app_deploy" {
   type        = bool
 }
 
+variable "iam_deploy" {
+  default     = true
+  description = "whther or not to deploy iam role"
+  type        = bool
+}
+
 variable "name" {
   default     = "velero"
   description = "namespace name"