NEW: added cloudhealth role

layers/security_identity_compliance/iam_roles/main.tf

@@ -8,6 +8,7 @@ module iam-module {
   project = var.project
   aws-region-short = var.aws-region-short
   default-tags = local.default-tags
+  create-cloudhealth-resources = false
   cloudheath-ext-id1 = "87adcc8d76e0bc18ac67e1c4a7acbc"
   cloudheath-ext-id2 = "68c32aa2f429c59528ae79c713159f"
 }

modules/security_identity_compliance/roles_iam_resources/cloudhealth-role.tf

@@ -1,4 +1,5 @@
 resource aws_iam_role cloudhealth-role {
+  count = var.create-cloudhealth-resources ? 1 : 0
   name = "CloudHealth-Role"
   tags = var.default-tags
   assume_role_policy = <<EOF
@@ -26,6 +27,7 @@ EOF
 }
 
 resource "aws_iam_policy" "CloudHealth-Policy" {
+  count = var.create-cloudhealth-resources ? 1 : 0
   name   = "CloudHealthPolicy"
   policy = <<-EOF
 {
@@ -132,7 +134,8 @@ EOF
 }
 
 resource "aws_iam_role_policy_attachment" "cloudhealth-role-policy-attach" {
-  role       = aws_iam_role.cloudhealth-role.name
-  policy_arn = aws_iam_policy.CloudHealth-Policy.arn
+  count = var.create-cloudhealth-resources ? 1 : 0
+  role       = aws_iam_role.cloudhealth-role[1].name
+  policy_arn = aws_iam_policy.CloudHealth-Policy[1].arn
 }
 

modules/security_identity_compliance/roles_iam_resources/variables.tf

@@ -8,6 +8,12 @@ variable "cloudtrail-retain-days" {
   type = number
   default = 90
 }
+
+variable "create-cloudhealth-resources" {
+  type = bool
+  default = false
+}
+
 variable "cloudheath-ext-id1" {}
 variable "cloudheath-ext-id2" {}