From e100791e03fce3111eaebf6d9cc0aad7bc4d6c6e Mon Sep 17 00:00:00 2001
From: Nada Jankovic
Date: Tue, 14 Feb 2023 10:03:42 -0500
Subject: [PATCH] feat: Add optional path variable for the platform_team_eks_access aws_iam_policy (#1431)
Co-authored-by: nada.jankovic
---
 modules/aws-eks-teams/README.md | 1 +
 modules/aws-eks-teams/main.tf | 2 +-
 modules/aws-eks-teams/variables.tf | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/modules/aws-eks-teams/README.md b/modules/aws-eks-teams/README.md
index 87b49bf2ae..2b362d5509 100644
--- a/modules/aws-eks-teams/README.md
+++ b/modules/aws-eks-teams/README.md
@@ -164,6 +164,7 @@ No modules.
 | [application\_teams](#input\_application\_teams) | Map of maps of teams to create | `any` | `{}` | no |
 | [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster name | `string` | n/a | yes |
 | [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no |
+| [path](#input\_path) | Path in which to create the platform\_team\_eks\_access policy | `string` | `"/"` | no |
 | [platform\_teams](#input\_platform\_teams) | Map of maps of teams to create | `any` | `{}` | no |
 | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |

diff --git a/modules/aws-eks-teams/main.tf b/modules/aws-eks-teams/main.tf
index 01478fc7dd..62ad234c4e 100644
--- a/modules/aws-eks-teams/main.tf
+++ b/modules/aws-eks-teams/main.tf
@@ -205,7 +205,7 @@ resource "aws_iam_role" "platform_team" {
 resource "aws_iam_policy" "platform_team_eks_access" {
 count = length(var.platform_teams) > 0 ? 1 : 0
 name = "${var.eks_cluster_id}-PlatformTeamEKSAccess"
- path = "/"
+ path = var.path
 description = "Platform Team EKS Console Access"
 policy = data.aws_iam_policy_document.platform_team_eks_access[0].json
 tags = var.tags
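Review bot: `var.path` is wired only into `aws_iam_policy.platform_team_eks_access`, yet the variable carries the generic name `path`; the `aws_iam_role.platform_team` resource named in the hunk header lives in the same module, and nothing visible here shows it receiving the path. Operators who scope IAM permissions by path (permission boundaries or statements matching `policy/<path>/*` and `role/<path>/*` ARNs) could assume every IAM resource the module creates lands under it, so a comment above the argument such as `# Only this policy honours var.path; IAM roles in this module are not affected.` would make the scope explicit. The path also becomes part of the policy ARN, so changing it on an existing deployment should be expected to replace the policy and break ARN references held elsewhere, which deserves a sentence in the variable description. The resource block continues past the end of the hunk.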
diff --git a/modules/aws-eks-teams/variables.tf b/modules/aws-eks-teams/variables.tf
index ca279637f7..cc4af44feb 100644
--- a/modules/aws-eks-teams/variables.tf
+++ b/modules/aws-eks-teams/variables.tf
@@ -26,3 +26,9 @@ variable "iam_role_permissions_boundary" {
 type = string
 default = null
 }
+
+variable "path" {
+ description = "Path in which to create the platform_team_eks_access policy"
+ type = string
+ default = "/"
+}
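Review bot: The new `path` variable accepts any string, so a value IAM will reject (no leading or trailing `/`, whitespace, over 512 characters) only fails at apply time, after other resources in the plan may already have been created. Since the IAM path is frequently what permission boundaries and resource ARN patterns key on, a malformed or unintended value is worth catching at plan time with a `validation` block on the variable. This assumes the module's minimum Terraform version supports variable validation, which the hunk does not show.

```hcl
variable "path" {
  # … unchanged: description, type, default …

  validation {
    condition     = can(regex("^/([!-~]+/)?$", var.path)) && length(var.path) <= 512
    error_message = "The path must begin and end with \"/\" and be at most 512 characters long."
  }
}
```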