feat: support multiple service accounts to assume role

msvticket · msvticket · commit e309e5b177a0 · 2025-11-03T12:31:37.000+01:00
diff --git a/main.tf b/main.tf
@@ -144,7 +144,7 @@ data "aws_iam_policy_document" "assume_role" {
       condition {
         test     = "StringLike"
         variable = join(":", [var.iam_irsa_openid_connect_provider_url, "sub"])
-        values   = [var.iam_irsa_service_account]
+        values   = compact(concat([var.iam_irsa_service_account], var.iam_irsa_service_accounts))
       }
     }
   }
diff --git a/variables.tf b/variables.tf
@@ -142,6 +142,12 @@ variable "iam_irsa_service_account" {
   description = "Kubernetes ServiceAccount to allow to access the Elastic Domain via IRSA"
 }
 
+variable "iam_irsa_service_accounts" {
+  type        = list(string)
+  default     = []
+  description = "Kubernetes ServiceAccounts to allow to access the Elastic Domain via IRSA"
+}
+
 variable "zone_awareness_enabled" {
   type        = bool
   default     = true

Original file line number	Diff line number	Diff line change
`@@ -144,7 +144,7 @@ data "aws_iam_policy_document" "assume_role" {`
`144`	`144`	`condition {`
`145`	`145`	`test = "StringLike"`
`146`	`146`	`variable = join(":", [var.iam_irsa_openid_connect_provider_url, "sub"])`
`147`		`- values = [var.iam_irsa_service_account]`
	`147`	`+ values = compact(concat([var.iam_irsa_service_account], var.iam_irsa_service_accounts))`
`148`	`148`	`}`
`149`	`149`	`}`
`150`	`150`	`}`