Add EFS Authorization config linked to the share created by a module …

…or pass-in external config
hazelops · Oct 14, 2024 · 7682af9 · 7682af9
1 parent a1a2f9b
commit 7682af9
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/locals.tf b/locals.tf
@@ -94,13 +94,17 @@ locals {
           "readOnly"      = null
         }
 
+        # We are using efs share that is created by this module or existing efs file system
         efs_volume_configuration = [
           {
             file_system_id : var.efs_share_create ? module.efs.id : var.efs_file_system_id
             root_directory : var.efs_root_directory
             transit_encryption : "ENABLED"
             transit_encryption_port : 2999
-            authorization_config = {}
+            authorization_config : var.efs_share_create ? {
+              access_point_id : module.efs.access_point_ids[0]
+              iam             : "ENABLED"
+            } : var.efs_authorization_config
           }
         ]
       }

diff --git a/variables.tf b/variables.tf
@@ -609,6 +609,12 @@ variable "efs_root_directory" {
   default     = "/"
 }
 
+variable "efs_authorization_config" {
+  type = object({})
+  description = "EFS authorization config"
+  default = {}
+}
+
 variable "ecs_service_deployed" {
   type        = bool
   description = "This service resource doesn't have task definition lifecycle policy, so terraform is used to deploy it (instead of ecs cli or ize)"