Add extra task policies (#41)

* Add extra task policies

Co-authored-by: lzrocha <lzrocha@users.noreply.github.com>

Author: lzrocha

README.md

@@ -101,6 +101,7 @@ module "ecs_apps" {
 | efs\_lifecycle\_transition\_to\_primary\_storage\_class | Option to enable EFS Lifecycle Transaction to Primary Storage Class | `bool` | `false` | no |
 | enable\_schedule | Enables schedule to shut down and start up instances outside business hours. | `bool` | `false` | no |
 | extra\_certificate\_arns | Extra ACM certificates to add to ALB Listeners | `list(string)` | `[]` | no |
+| extra\_task\_policies\_arn | Extra policies to add to the task definition permissions | `list(string)` | `[]` | no |
 | fargate\_only | Enable when cluster is only for fargate and does not require ASG/EC2/EFS infrastructure | `bool` | `false` | no |
 | instance\_types | Instance type for ECS workers | `list(any)` | `[]` | no |
 | instance\_volume\_size | Volume size for docker volume (in GB). | `number` | `30` | no |

_variables.tf

@@ -354,4 +354,10 @@ variable "efs_lifecycle_transition_to_primary_storage_class" {
   type        = bool
   default     = false
   description = "Option to enable EFS Lifecycle Transaction to Primary Storage Class"
+}
+
+variable "extra_task_policies_arn" {
+  type        = list(string)
+  default     = []
+  description = "Extra policies to add to the task definition permissions"
 }

iam-ecs-task.tf

@@ -88,3 +88,9 @@ resource "aws_iam_role_policy" "s3_policy" {
 }
 EOF
 }
+
+resource "aws_iam_role_policy_attachment" "extra_task_policies_arn" {
+  for_each   = toset(try(var.extra_task_policies_arn, []))
+  role       = aws_iam_role.ecs_task.name
+  policy_arn = each.key
+}