Add Service Link Role flag

lgallard · lgallard · commit 2da8c4504359 · 2020-06-26T14:58:40.000-03:00
diff --git a/iam.tf b/iam.tf
@@ -29,6 +29,7 @@ CONFIG
 
 # Service-linked role to give Amazon ES permissions to access your VPC
 resource "aws_iam_service_linked_role" "es" {
+  count            = var.create_service_link_role == true ? 1 : 0
   aws_service_name = "es.amazonaws.com"
   description      = "Service-linked role to give Amazon ES permissions to access your VPC"
 }
diff --git a/variables.tf b/variables.tf
@@ -244,3 +244,10 @@ variable "timeouts_update" {
   type        = string
   default     = null
 }
+
+# Service Link Role
+variable "create_service_link_role" {
+  description = "Create service link role for AWS Elasticsearch Service"
+  type        = bool
+  default     = true
+}

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@ CONFIG`
`29`	`29`
`30`	`30`	`# Service-linked role to give Amazon ES permissions to access your VPC`
`31`	`31`	`resource "aws_iam_service_linked_role" "es" {`
	`32`	`+ count = var.create_service_link_role == true ? 1 : 0`
`32`	`33`	`aws_service_name = "es.amazonaws.com"`
`33`	`34`	`description = "Service-linked role to give Amazon ES permissions to access your VPC"`
`34`	`35`	`}`