From 7682af92f2bda572fdf1434968fb49251c9617de Mon Sep 17 00:00:00 2001
From: Dmitry Kireev
Date: Mon, 14 Oct 2024 16:07:00 +0000
Subject: [PATCH] Add EFS Authorization config linked to the share created by a module or pass-in external config
---
 locals.tf | 6 +++++-
 variables.tf | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/locals.tf b/locals.tf
index 90be808..16226b9 100644
--- a/locals.tf
+++ b/locals.tf
@@ -94,13 +94,17 @@ locals {
 "readOnly" = null
 }
+ # We are using efs share that is created by this module or existing efs file system
 efs_volume_configuration = [
 {
 file_system_id : var.efs_share_create ? module.efs.id : var.efs_file_system_id
 root_directory : var.efs_root_directory
 transit_encryption : "ENABLED"
 transit_encryption_port : 2999
- authorization_config = {}
+ authorization_config : var.efs_share_create ? {
+ access_point_id : module.efs.access_point_ids[0]
+ iam : "ENABLED"
+ } : var.efs_authorization_config
 }
 ]
 }
diff --git a/variables.tf b/variables.tf
index 0db3588..200e70a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -609,6 +609,12 @@ variable "efs_root_directory" {
 default = "/"
 }
+variable "efs_authorization_config" {
+ type = object({})
+ description = "EFS authorization config"
+ default = {}
+}
+
 variable "ecs_service_deployed" {
 type = bool
 description = "This service resource doesn't have task definition lifecycle policy, so terraform is used to deploy it (instead of ecs cli or ize)"
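Review bot: The module-created branch of `authorization_config` sets `access_point_id` while `root_directory : var.efs_root_directory` a few lines above is still passed through unchanged; ECS accepts an access point only when the root directory is omitted or `/`, so a non-default `efs_root_directory` would be rejected when the task definition is registered. Consider `root_directory : var.efs_share_create ? "/" : var.efs_root_directory`, or a validation that rejects the combination. `module.efs.access_point_ids[0]` also assumes the efs module always exposes at least one access point, which is not visible in this hunk. `iam : "ENABLED"` restricts access only if the task role is granted the EFS client actions and the file system policy requires them, and neither is shown here. The `locals` block starts above the hunk.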
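Review bot: `type = object({})` on `efs_authorization_config` declares an object with no attributes, and Terraform discards attributes that an object type constraint does not name, so a caller's `access_point_id` and `iam` would be dropped and the external-file-system branch in locals.tf would always receive `{}`, i.e. a mount with no access point and no IAM authorization. Declare the attributes, for example `type = object({ access_point_id = optional(string), iam = optional(string) })`; optional attributes need Terraform 1.3 or later, and `map(string)` is the alternative on older versions. The description should name the accepted keys and state that the default leaves IAM authorization off for externally supplied file systems.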