Merge pull request #3 from worldcoin/feat/aws-load-balancer/add-variable-to-control-aws-load-balancer-iam-role-creation

marcin-janas · web-flow · commit 94ca4288b1ec · 2025-07-31T14:29:44.000+02:00
INFRA-5029(aws-load-balancer): Add variable to control AWS Load Balancer IAM role creation
diff --git a/iam-aws-load-balancer.tf b/iam-aws-load-balancer.tf
@@ -329,13 +329,25 @@ data "aws_iam_policy_document" "aws_load_balancer" {
 }
 
 resource "aws_iam_role" "aws_load_balancer" {
+  count              = var.aws_load_balancer_iam_role_enabled ? 1 : 0
   name               = "aws-load-balancer-controller-${var.cluster_name}"
   path               = "/system/"
   assume_role_policy = data.aws_iam_policy_document.aws_load_balancer_assume_role_policy.json
 }
 
 resource "aws_iam_role_policy" "aws_load_balancer" {
+  count  = var.aws_load_balancer_iam_role_enabled ? 1 : 0
   name   = "aws-load-balancer-controller-${var.cluster_name}"
-  role   = aws_iam_role.aws_load_balancer.id
+  role   = aws_iam_role.aws_load_balancer[0].id
   policy = data.aws_iam_policy_document.aws_load_balancer.json
 }
+
+moved {
+  from = aws_iam_role.aws_load_balancer
+  to   = aws_iam_role.aws_load_balancer[0]
+}
+
+moved {
+  from = aws_iam_role_policy.aws_load_balancer
+  to   = aws_iam_role_policy.aws_load_balancer[0]
+}
diff --git a/variables.tf b/variables.tf
@@ -656,3 +656,9 @@ variable "vpc_cni_external_snat" {
   type        = string
   default     = false
 }
+
+variable "aws_load_balancer_iam_role_enabled" {
+  description = "Whether to enable the IAM role for the AWS Load Balancer"
+  type        = bool
+  default     = true
+}
