From d18ae45d9ebf8253f7144e6bdc6ef39af9a4863f Mon Sep 17 00:00:00 2001 From: Matt McLane Date: Wed, 30 Aug 2023 19:59:28 -0400 Subject: [PATCH] feat: Add IAM role output (#22) Co-authored-by: Bryant Biggs --- .pre-commit-config.yaml | 2 +- README.md | 3 +++ examples/postgresql-iam-cluster/README.md | 3 +++ examples/postgresql-iam-cluster/outputs.tf | 16 ++++++++++++++++ outputs.tf | 16 ++++++++++++++++ 5 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index dabb150..dc907a5 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.80.0
+ rev: v1.83.0
 hooks:
 - id: terraform_fmt
 - id: terraform_validate
diff --git a/README.md b/README.md
index 4444c09..4fcd4d5 100644
--- a/README.md
+++ b/README.md
@@ -141,6 +141,9 @@ No modules.
 | Name | Description |
 |------|-------------|
 | [db\_proxy\_endpoints](#output\_db\_proxy\_endpoints) | Array containing the full resource object and attributes for all DB proxy endpoints created |
+| [iam\_role\_arn](#output\_iam\_role\_arn) | The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager. |
+| [iam\_role\_name](#output\_iam\_role\_name) | IAM role name |
+| [iam\_role\_unique\_id](#output\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
 | [log\_group\_arn](#output\_log\_group\_arn) | The Amazon Resource Name (ARN) of the CloudWatch log group |
 | [proxy\_arn](#output\_proxy\_arn) | The Amazon Resource Name (ARN) for the proxy |
 | [proxy\_default\_target\_group\_arn](#output\_proxy\_default\_target\_group\_arn) | The Amazon Resource Name (ARN) for the default target group |
diff --git a/examples/postgresql-iam-cluster/README.md b/examples/postgresql-iam-cluster/README.md
index d895eb3..8bc91b8 100644
--- a/examples/postgresql-iam-cluster/README.md
+++ b/examples/postgresql-iam-cluster/README.md
@@ -63,6 +63,9 @@ No inputs.
 | Name | Description |
 |------|-------------|
 | [db\_proxy\_endpoints](#output\_db\_proxy\_endpoints) | Array containing the full resource object and attributes for all DB proxy endpoints created |
+| [iam\_role\_arn](#output\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the role proxy uses to access secrets |
+| [iam\_role\_name](#output\_iam\_role\_name) | The name of the role proxy uses to access secrets |
+| [iam\_role\_unique\_id](#output\_iam\_role\_unique\_id) | Stable and unique string identifying the role proxy uses to access secrets |
 | [log\_group\_arn](#output\_log\_group\_arn) | The Amazon Resource Name (ARN) of the CloudWatch log group |
 | [proxy\_arn](#output\_proxy\_arn) | The Amazon Resource Name (ARN) for the proxy |
 | [proxy\_default\_target\_group\_arn](#output\_proxy\_default\_target\_group\_arn) | The Amazon Resource Name (ARN) for the default target group |
diff --git a/examples/postgresql-iam-cluster/outputs.tf b/examples/postgresql-iam-cluster/outputs.tf
index 4b07beb..97f24a7 100644
--- a/examples/postgresql-iam-cluster/outputs.tf
+++ b/examples/postgresql-iam-cluster/outputs.tf
@@ -77,3 +77,19 @@ output "log_group_arn" {
 description = "The Amazon Resource Name (ARN) of the CloudWatch log group"
 value = module.rds_proxy.log_group_arn
 }
+
+# IAM role
+output "iam_role_arn" {
+ description = "The Amazon Resource Name (ARN) specifying the role proxy uses to access secrets"
+ value = module.rds_proxy.iam_role_arn
+}
+
+output "iam_role_name" {
+ description = "The name of the role proxy uses to access secrets"
+ value = module.rds_proxy.iam_role_name
+}
+
+output "iam_role_unique_id" {
+ description = "Stable and unique string identifying the role proxy uses to access secrets"
+ value = module.rds_proxy.iam_role_unique_id
+}
diff --git a/outputs.tf b/outputs.tf
index 06931ca..355b2b4 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -77,3 +77,19 @@ output "log_group_arn" {
 description = "The Amazon Resource Name (ARN) of the CloudWatch log group"
 value = try(aws_cloudwatch_log_group.this[0].arn, null)
 }
+
+# IAM role
+output "iam_role_arn" {
+ description = "The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager."
+ value = try(aws_iam_role.this[0].arn, null)
+}
+
+output "iam_role_name" {
+ description = "IAM role name"
+ value = try(aws_iam_role.this[0].name, null)
+}
+
+output "iam_role_unique_id" {
+ description = "Stable and unique string identifying the IAM role"
+ value = try(aws_iam_role.this[0].unique_id, null)
+}
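Review bot: The new `iam_role_arn`, `iam_role_name` and `iam_role_unique_id` outputs in the root `outputs.tf` silently evaluate to `null` when `aws_iam_role.this[0]` does not exist, because each value is wrapped in `try(..., null)`, and no description mentions it. This is the role the proxy uses to read Secrets Manager secrets, so a caller that scopes a secret's resource policy or attaches permissions from these values should know they can be null (presumably when the module is configured not to create the role; that switch is outside this hunk). I would state it in the description, e.g. `description = "The ARN of the IAM role that the proxy uses to access secrets in AWS Secrets Manager; null if the module does not create the role"`. The name and unique-id descriptions are also terser than the ARN one and worded differently from the matching outputs in `examples/postgresql-iam-cluster/outputs.tf`, so the generated README tables disagree; one shared wording would fix that.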