[ADD] (Optional) permission boundary for task execution IAM role (#8)

Author: ovcharenko

main.tf

@@ -2,8 +2,9 @@
 # AWS ECS Task Execution Role
 #------------------------------------------------------------------------------
 resource "aws_iam_role" "ecs_task_execution_role" {
-  name               = "${var.name_prefix}-ecs-task-execution-role"
-  assume_role_policy = file("${path.module}/files/iam/ecs_task_execution_iam_role.json")
+  name                 = "${var.name_prefix}-ecs-task-execution-role"
+  assume_role_policy   = file("${path.module}/files/iam/ecs_task_execution_iam_role.json")
+  permissions_boundary = var.permissions_boundary
 }
 
 resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_policy_attach" {

variables.tf

@@ -316,6 +316,12 @@ variable "docker_security_options" {
 #------------------------------------------------------------------------------
 # AWS ECS Task Definition Variables
 #------------------------------------------------------------------------------
+variable "permissions_boundary" {
+  description = "(Optional) The ARN of the policy that is used to set the permissions boundary for the `ecs_task_execution_role` role."
+  type        = string
+  default     = null
+}
+
 variable "task_role_arn" {
   description = "(Optional) The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services. If not specified, `aws_iam_role.ecs_task_execution_role.arn` is used"
   type        = string