claranet · reisingerf · Aug 23, 2018 · Oct 16, 2018 · Oct 17, 2018 · Feb 20, 2019
diff --git a/README.md b/README.md
@@ -34,6 +34,8 @@ module "lambda" {
   // Attach a policy.
   attach_policy = true
   policy        = "${data.aws_iam_policy_document.lambda.json}"
+  attach_policy_arn = true
+  policy_arn    = "${data.aws_iam_policy.lambda.arn}"
 
   // Add a dead letter queue.
   attach_dead_letter_config = true
@@ -70,6 +72,7 @@ function name unique per region, for example by setting
 |------|-------------|:----:|:-----:|:-----:|
 | attach_dead_letter_config | Set this to true if using the dead_letter_config variable | string | `false` | no |
 | attach_policy | Set this to true if using the policy variable | string | `false` | no |
+| attach_policy_arn | Set this to true if using the policy_arn variable | string | `false` | no |
 | attach_vpc_config | Set this to true if using the vpc_config variable | string | `false` | no |
 | dead_letter_config | Dead letter configuration for the Lambda function | map | `<map>` | no |
 | description | Description of what your Lambda function does | string | `Managed by Terraform` | no |
@@ -78,6 +81,7 @@ function name unique per region, for example by setting
 | handler | The function entrypoint in your code | string | - | yes |
 | memory_size | Amount of memory in MB your Lambda function can use at runtime | string | `128` | no |
 | policy | An addional policy to attach to the Lambda function | string | `` | no |
+| policy_arn | An addional policy (ARN) to attach to the Lambda function | string | `` | no |
 | reserved_concurrent_executions | The amount of reserved concurrent executions for this Lambda function | string | `0` | no |
 | runtime | The runtime environment for the Lambda function | string | - | yes |
 | source_path | The source file or directory containing your Lambda source code | string | - | yes |

diff --git a/iam.tf b/iam.tf
@@ -126,6 +126,12 @@ resource "aws_iam_policy_attachment" "network" {
 
 # Attach an additional policy if provided.
 
+resource "aws_iam_role_policy_attachment" "additional" {
+  count      = "${var.attach_policy_arn ? 1 : 0}"
+  role       = "${aws_iam_role.lambda.name}"
+  policy_arn = "${var.policy_arn}"
+}
+
 resource "aws_iam_policy" "additional" {
   count = "${var.attach_policy ? 1 : 0}"
 

diff --git a/variables.tf b/variables.tf
@@ -78,12 +78,24 @@ variable "tags" {
   default     = {}
 }
 
+variable "policy_arn" {
+  description = "An addional policy (ARN) to attach to the Lambda function"
+  type        = "string"
+  default     = ""
+}
+
 variable "policy" {
   description = "An addional policy to attach to the Lambda function"
   type        = "string"
   default     = ""
 }
 
+variable "attach_policy_arn" {
+  description = "Set this to true if using the policy_arn variable"
+  type        = "string"
+  default     = false
+}
+
 variable "attach_policy" {
   description = "Set this to true if using the policy variable"
   type        = "string"