From c6124cf0a0ea5473b5e87a4be7531a3066cef85f Mon Sep 17 00:00:00 2001
From: aditya <7adityaraj@gmail.com>
Date: Sun, 13 Apr 2025 16:13:35 +0300
Subject: [PATCH] Allow user to add additonal IAM policy
---
 iam.tf | 9 ++++++++-
 variables.tf | 6 ++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/iam.tf b/iam.tf
index fccc826..a29f5cb 100644
--- a/iam.tf
+++ b/iam.tf
@@ -287,10 +287,17 @@ resource "aws_iam_policy" "this" {
 path = "/"
 description = "Policy for aws-load-balancer-controller service"
- policy = data.aws_iam_policy_document.this[0].json
+ policy = data.aws_iam_policy_document.combine_additional_policy.json
 tags = var.irsa_tags
 }
+data "aws_iam_policy_document" "combine_additional_policy" {
+ source_policy_documents = [
+ data.aws_iam_policy_document.this[0].json,
+ var.additional_iam_policy
+ ]
+}
+
 data "aws_iam_policy_document" "this_assume" {
 count = local.irsa_role_create ? 1 : 0
diff --git a/variables.tf b/variables.tf
index a7dc5a5..613defe 100644
--- a/variables.tf
+++ b/variables.tf
@@ -408,3 +408,9 @@ variable "aws_partition" {
 default = "aws"
 description = "AWS partition in which the resources are located. Available values are `aws`, `aws-cn`, `aws-us-gov`"
 }
+
+variable "additional_iam_policy" {
+ type = string
+ default = "{}"
+ description = "Allow to Update additional IAM policy for aws-load-balancer-controller service."
+}
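Review bot: `combine_additional_policy` is declared without `count`, yet it indexes `data.aws_iam_policy_document.this[0]`, so `this` is evidently a counted data source; whenever that count evaluates to 0 the `[0]` reference will presumably fail at plan time, even though no policy is being created. Give the new data source the same `count` expression as `data.aws_iam_policy_document.this` (its definition, like the start of `aws_iam_policy.this`, is outside this hunk) and reference it as `policy = data.aws_iam_policy_document.combine_additional_policy[0].json`. Separately, every statement in `var.additional_iam_policy` is merged into the policy described as "Policy for aws-load-balancer-controller service", so a comment above `source_policy_documents` such as `# caller-supplied statements are granted to the controller's policy; keep them narrowly scoped` would make the privilege implication visible to maintainers.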
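Review bot: `additional_iam_policy` accepts any string, so malformed JSON only surfaces later as a provider error on the data source instead of at the variable; a `validation` block with `condition = can(jsondecode(var.additional_iam_policy))` would reject it early with a clear message. The description should state what the value is and what it grants, for example `description = "JSON IAM policy document whose statements are merged into the aws-load-balancer-controller policy. Grant only the actions and resources the controller needs."`. It is also worth confirming that the `"{}"` default is accepted by `source_policy_documents` as an empty document, since nothing in the patch exercises the default path.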