Merge pull request #51 from dgrizzanti/instance_role_options

Instance role options

Author: brikis98

examples/couchbase-ami/README.md

@@ -93,4 +93,4 @@ The Packer template in this example folder can build not only AMIs, but also Doc
 convenient for testing out the various scripts in the `modules` folder without having to wait for an AMI to build and
 a bunch of EC2 Instances to boot up. See the [local-mocks 
 folder](https://github.com/gruntwork-io/terraform-aws-couchbase/tree/master/modules/install-couchbase-server) for
-instructions.
+instructions.

modules/couchbase-cluster/main.tf

@@ -165,8 +165,10 @@ resource "aws_iam_instance_profile" "instance_profile" {
 }
 
 resource "aws_iam_role" "instance_role" {
-  name_prefix        = var.cluster_name
-  assume_role_policy = data.aws_iam_policy_document.instance_role.json
+  name_prefix          = var.cluster_name
+  assume_role_policy   = data.aws_iam_policy_document.instance_role.json
+  path                 = var.instance_role_path
+  permissions_boundary = var.instance_permissions_boundary
 
   # aws_iam_instance_profile.instance_profile in this module sets create_before_destroy to true, which means
   # everything it depends on, including this resource, must set it as well, or you'll get cyclic dependency errors

modules/couchbase-cluster/variables.tf

@@ -164,6 +164,18 @@ variable "instance_profile_path" {
   default     = "/"
 }
 
+variable "instance_role_path" {
+  description = "Path in which to create the IAM instance role."
+  type        = string
+  default     = "/"
+}
+
+variable "instance_permissions_boundary" {
+  description = "The ARN of the policy that is used to set the permissions boundary for the instance profile role"
+  type        = string
+  default     = null
+}
+
 variable "ssh_port" {
   description = "The port used for SSH connections"
   type        = number