From ce9afb480a78fb27b66546bc7e63330a238c01fc Mon Sep 17 00:00:00 2001
From: Nick Doyle
Date: Fri, 30 Aug 2019 17:17:11 +1000
Subject: [PATCH] feat: support iam role permissions_boundary
---
 iam.tf | 7 ++++---
 variables.tf | 5 +++++
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/iam.tf b/iam.tf
index ec9d74d..e267d08 100644
--- a/iam.tf
+++ b/iam.tf
@@ -13,9 +13,10 @@ data "aws_iam_policy_document" "assume_role" {
 }
 
 resource "aws_iam_role" "lambda" {
- name = var.function_name
- assume_role_policy = data.aws_iam_policy_document.assume_role.json
- tags = var.tags
+ name = var.function_name
+ assume_role_policy = data.aws_iam_policy_document.assume_role.json
+ permissions_boundary = var.permissions_boundary_arn
+ tags = var.tags
 }
 
 # Attach a policy for logs.
diff --git a/variables.tf b/variables.tf
index f42069f..c977d7d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -63,6 +63,11 @@ variable "description" {
 default = null
 }
 
+variable "permissions_boundary_arn" {
+ type = string
+ default = null
+}
+
 variable "layers" {
 type = list(string)
 default = null
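Review bot: The new `permissions_boundary` argument on `aws_iam_role.lambda` has no comment explaining how it interacts with the policies this module attaches itself. A boundary only caps what the role may do and grants nothing. If the supplied boundary policy does not allow the actions in the logs policy attached just below the resource, the function will presumably deploy cleanly and then be denied when it writes logs. I would add above the argument `# Caps the role's effective permissions; the boundary policy must still allow the actions this module attaches (e.g. the logs policy).` It is also worth stating that with the default of null the role is created without any boundary.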
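Review bot: `variable "permissions_boundary_arn"` in variables.tf is declared without a `description`, so module consumers get no hint of what the value is or what leaving it unset means. I would add `description = "ARN of the IAM policy to set as the permissions boundary on the Lambda role; null creates the role without a boundary."`. The value is passed to the role unchecked, so a malformed ARN would only surface as an AWS API error at apply time. If the module's minimum Terraform version supports variable `validation` blocks, a format check here would catch that at plan time.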