From 398e5d0a201eed64f9205fbe0b0eed881ab2237e Mon Sep 17 00:00:00 2001
From: Ryan Eskin
Date: Tue, 17 Sep 2024 14:46:30 -0400
Subject: [PATCH 1/3] feature(iam): Allow an optional permissions boundary
---
 modules/lambda-registrator/main.tf | 2 ++
 modules/lambda-registrator/variables.tf | 8 +++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/modules/lambda-registrator/main.tf b/modules/lambda-registrator/main.tf
index fc6a566c..f8853564 100644
--- a/modules/lambda-registrator/main.tf
+++ b/modules/lambda-registrator/main.tf
@@ -58,6 +58,8 @@ resource "aws_iam_role" "registration" {
 ]
 }
 EOF
+
+ permissions_boundary = var.aws_iam_permissions_boundary != "" ? var.aws.iam_permissions_boundary : null
 }
 
 resource "aws_iam_policy" "policy" {
diff --git a/modules/lambda-registrator/variables.tf b/modules/lambda-registrator/variables.tf
index dd769971..f6d2bda9 100644
--- a/modules/lambda-registrator/variables.tf
+++ b/modules/lambda-registrator/variables.tf
@@ -156,4 +156,10 @@ variable "arch" {
 condition = contains(["arm64", "x86_64"], var.arch)
 error_message = "Invalid value for 'arch', options: 'arm64', 'x86_64'."
 }
-}
\ No newline at end of file
+}
+
+variable "aws_iam_permissions_boundary" {
+ description = "Optional Permissions Boundary to add to the created IAM Role."
+ type = string
+ default = ""
+}
From f419339c278a50416edd02b28e70a92a8953a41d Mon Sep 17 00:00:00 2001
From: Ryan Eskin <55214537+reskin89@users.noreply.github.com>
Date: Tue, 17 Sep 2024 15:13:04 -0400
Subject: [PATCH 2/3] fix(iam): rebase induced typo
---
 modules/lambda-registrator/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/lambda-registrator/main.tf b/modules/lambda-registrator/main.tf
index f8853564..cfc26e9e 100644
--- a/modules/lambda-registrator/main.tf
+++ b/modules/lambda-registrator/main.tf
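Review bot: The new `permissions_boundary` line on the `registration` role maps the empty-string default to `null` without saying why, so the next reader has to work out that `""` is a sentinel rather than a value the provider would accept; a one-line comment such as `# "" (the variable default) means "no boundary"; null omits the argument instead of sending an empty ARN to IAM.` would make that explicit. The same `!= "" ? … : null` expression is written out again for the eventbridge role in [PATCH 3/3], so consider evaluating it once in `locals` and referencing it from both places. The `resource "aws_iam_role" "registration"` block begins before this hunk.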
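Review bot: `aws_iam_permissions_boundary` accepts any string, so a mistyped or non-ARN value is only rejected by the IAM API at apply time, after the plan has already been reviewed and approved; the `arch` variable directly above already uses a `validation` block, and the new variable should get one that accepts either the empty default or an IAM policy ARN. The description could also note that the boundary is applied to every role this module creates, since [PATCH 3/3] extends it to the eventbridge role. Proposed block below; the ARN pattern is a constructed example and can be tightened to the partitions you support.
```hcl
variable "aws_iam_permissions_boundary" {
  description = "Optional Permissions Boundary ARN applied to every IAM role created by this module. Empty string means no boundary."
  type        = string
  default     = ""

  validation {
    condition     = var.aws_iam_permissions_boundary == "" || can(regex("^arn:aws[a-zA-Z-]*:iam::[0-9]{12}:policy/", var.aws_iam_permissions_boundary))
    error_message = "'aws_iam_permissions_boundary' must be empty or the ARN of an IAM managed policy."
  }
}
```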
@@ -59,7 +59,7 @@ resource "aws_iam_role" "registration" {
 }
 EOF
 
- permissions_boundary = var.aws_iam_permissions_boundary != "" ? var.aws.iam_permissions_boundary : null
+ permissions_boundary = var.aws_iam_permissions_boundary != "" ? var.aws_iam_permissions_boundary : null
 }
 
 resource "aws_iam_policy" "policy" {
From 15417ed9772564f9298522bc7e87e715adcbfa09 Mon Sep 17 00:00:00 2001
From: Ryan Eskin
Date: Tue, 17 Sep 2024 15:24:20 -0400
Subject: [PATCH 3/3] fix(eventbridge): eventbridge also gets the permissions boundary if its supplied
---
 modules/lambda-registrator/main.tf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/lambda-registrator/main.tf b/modules/lambda-registrator/main.tf
index cfc26e9e..83198bc6 100644
--- a/modules/lambda-registrator/main.tf
+++ b/modules/lambda-registrator/main.tf
@@ -235,8 +235,9 @@ module "eventbridge" {
 source = "terraform-aws-modules/eventbridge/aws"
 version = "1.17.3"
 
- create_bus = false
- role_name = "${var.name}-eventbridge"
+ create_bus = false
+ role_name = "${var.name}-eventbridge"
+ role_permissions_boundary = var.aws_iam_permissions_boundary != "" ? var.aws_iam_permissions_boundary : null
 
 rules = {
 "${local.lambda_events_key}" = {
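Review bot: The conditional `var.aws_iam_permissions_boundary != "" ? var.aws_iam_permissions_boundary : null` now appears twice in main.tf, here on `role_permissions_boundary` and on the `registration` role's `permissions_boundary` (line 62 in this patch series), so any later change to the empty-string sentinel has to be made in two places and a missed one silently leaves a role unbounded. Evaluate it once, e.g. `permissions_boundary = var.aws_iam_permissions_boundary != "" ? var.aws_iam_permissions_boundary : null` in a `locals` block, and set both arguments to `local.permissions_boundary`. Whether the eventbridge module actually creates the role that `role_permissions_boundary` decorates depends on its other inputs, which are not visible in this hunk; a short comment on the new line saying the boundary only takes effect when the module creates the role would help reviewers checking coverage. The `module "eventbridge"` block continues past the end of the hunk.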