Merge pull request #6 from lgallard/fix/servicerole-creation

Add service link role creation flag

Author: lgallard

CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.3.0 (June 26, 2020)
+
+FIXES:
+
+* Add Service Link role creation flag (default to `true`)
+
+
 ## 0.2.1 (May 2, 2020)
 
 UPDATE:

README.md

@@ -121,6 +121,7 @@ module "aws_es" {
 | cognito\_options\_identity\_pool\_id | ID of the Cognito Identity Pool to use | `string` | `""` | no |
 | cognito\_options\_role\_arn | ARN of the IAM role that has the AmazonESCognitoAccess policy attached | `string` | `""` | no |
 | cognito\_options\_user\_pool\_id | ID of the Cognito User Pool to use | `string` | `""` | no |
+| create\_service\_link\_role | Create service link role for AWS Elasticsearch Service | `bool` | `true` | no |
 | domain\_name | Name of the domain | `string` | n/a | yes |
 | ebs\_enabled | Whether EBS volumes are attached to data nodes in the domain | `bool` | `true` | no |
 | ebs\_options | EBS related options, may be required based on chosen instance size | `map` | `{}` | no |

iam.tf

@@ -29,6 +29,7 @@ CONFIG
 
 # Service-linked role to give Amazon ES permissions to access your VPC
 resource "aws_iam_service_linked_role" "es" {
+  count            = var.create_service_link_role == true ? 1 : 0
   aws_service_name = "es.amazonaws.com"
   description      = "Service-linked role to give Amazon ES permissions to access your VPC"
 }

variables.tf

@@ -244,3 +244,10 @@ variable "timeouts_update" {
   type        = string
   default     = null
 }
+
+# Service Link Role
+variable "create_service_link_role" {
+  description = "Create service link role for AWS Elasticsearch Service"
+  type        = bool
+  default     = true
+}