From 10abed9e87dc3ea23cbe6e846ee7645cbd5c05df Mon Sep 17 00:00:00 2001
From: chris3ware <36608309+chris3ware@users.noreply.github.com>
Date: Mon, 11 Aug 2025 17:29:53 +0100
Subject: [PATCH] feat: add vpc_flow_log_iam_role_path variable
---
README.md | 1 +
variables.tf | 6 ++++++
vpc-flow-logs.tf | 1 +
3 files changed, 8 insertions(+)
diff --git a/README.md b/README.md
index da2482379..38c9551d9 100644
--- a/README.md
+++ b/README.md
@@ -589,6 +589,7 @@ No modules.
| [vpc\_flow\_log\_iam\_policy\_name](#input\_vpc\_flow\_log\_iam\_policy\_name) | Name of the IAM policy | `string` | `"vpc-flow-log-to-cloudwatch"` | no |
| [vpc\_flow\_log\_iam\_policy\_use\_name\_prefix](#input\_vpc\_flow\_log\_iam\_policy\_use\_name\_prefix) | Determines whether the name of the IAM policy (`vpc_flow_log_iam_policy_name`) is used as a prefix | `bool` | `true` | no |
| [vpc\_flow\_log\_iam\_role\_name](#input\_vpc\_flow\_log\_iam\_role\_name) | Name to use on the VPC Flow Log IAM role created | `string` | `"vpc-flow-log-role"` | no |
+| [vpc\_flow\_log\_iam\_role\_path](#input\_vpc\_flow\_log\_iam\_role\_path) | The path for the VPC Flow Log IAM Role | `string` | `null` | no |
| [vpc\_flow\_log\_iam\_role\_use\_name\_prefix](#input\_vpc\_flow\_log\_iam\_role\_use\_name\_prefix) | Determines whether the IAM role name (`vpc_flow_log_iam_role_name_name`) is used as a prefix | `bool` | `true` | no |
| [vpc\_flow\_log\_permissions\_boundary](#input\_vpc\_flow\_log\_permissions\_boundary) | The ARN of the Permissions Boundary for the VPC Flow Log IAM Role | `string` | `null` | no |
| [vpc\_flow\_log\_tags](#input\_vpc\_flow\_log\_tags) | Additional tags for the VPC Flow Logs | `map(string)` | `{}` | no |
diff --git a/variables.tf b/variables.tf
index d8338267a..6a043bf88 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1508,6 +1508,12 @@ variable "vpc_flow_log_iam_role_name" {
default = "vpc-flow-log-role"
}
+variable "vpc_flow_log_iam_role_path" {
+ description = "The path for the VPC Flow Log IAM Role"
+ type = string
+ default = null
+}
+
variable "vpc_flow_log_iam_role_use_name_prefix" {
description = "Determines whether the IAM role name (`vpc_flow_log_iam_role_name_name`) is used as a prefix"
type = bool
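Review bot: The new `vpc_flow_log_iam_role_path` variable accepts any string, but IAM only accepts a path that is `/` or that begins and ends with `/`, so a value such as `network` would fail only at apply time. Paths are often what IAM policies and permission guardrails match on (for example a resource pattern of the form `role/<path>/*`), so it helps to reject malformed values at plan time and to state the expected format in the description. The sketch below adds a `validation` block that still allows the `null` default. It assumes the module's minimum Terraform version supports variable validation, which is not visible in this patch.

```hcl
variable "vpc_flow_log_iam_role_path" {
  description = "The path for the VPC Flow Log IAM Role. Must begin and end with '/', for example /network/"
  type        = string
  default     = null

  validation {
    condition     = var.vpc_flow_log_iam_role_path == null || can(regex("^/([!-~]+/)?$", var.vpc_flow_log_iam_role_path))
    error_message = "The vpc_flow_log_iam_role_path value must be \"/\" or begin and end with \"/\"."
  }
}
```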
diff --git a/vpc-flow-logs.tf b/vpc-flow-logs.tf
index fc7ba90be..4f1b54d4d 100644
--- a/vpc-flow-logs.tf
+++ b/vpc-flow-logs.tf
@@ -79,6 +79,7 @@ resource "aws_iam_role" "vpc_flow_log_cloudwatch" {
name = var.vpc_flow_log_iam_role_use_name_prefix ? null : var.vpc_flow_log_iam_role_name
name_prefix = var.vpc_flow_log_iam_role_use_name_prefix ? "${var.vpc_flow_log_iam_role_name}-" : null
+ path = var.vpc_flow_log_iam_role_path
assume_role_policy = data.aws_iam_policy_document.flow_log_cloudwatch_assume_role[0].json
permissions_boundary = var.vpc_flow_log_permissions_boundary
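Review bot: The new `path` argument is part of the role's ARN, and as far as I know the AWS provider replaces an `aws_iam_role` when `path` changes, so setting the variable on an existing deployment would destroy and recreate the flow-log role. Anything that references the role by exact ARN (key policies, `iam:PassRole` conditions, log-destination policies) would then need updating, and flow-log delivery may pause during the swap. A short comment above the line would warn operators, e.g. `# Changing path replaces the role and changes its ARN`. The resource block starts and ends outside this hunk, so I cannot tell whether the companion IAM policy is meant to share the path; the patch does not touch it.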