From c38cc435d56a0d878d1726f179b17dfac881c62a Mon Sep 17 00:00:00 2001
From: Chris Schreiber
Date: Fri, 23 Sep 2022 16:18:14 -0700
Subject: [PATCH 1/2] feat: add iam role for aws-terraform runner
---
 .../aws/sharedsvc/github-runners.tf | 15 +++++++++++++++
 stages/cloud-provider/aws/sharedsvc/outputs.tf | 4 ++++
 2 files changed, 19 insertions(+)
diff --git a/stages/cloud-provider/aws/sharedsvc/github-runners.tf b/stages/cloud-provider/aws/sharedsvc/github-runners.tf
index 9d8e5816..3cd3559a 100644
--- a/stages/cloud-provider/aws/sharedsvc/github-runners.tf
+++ b/stages/cloud-provider/aws/sharedsvc/github-runners.tf
@@ -29,3 +29,18 @@ module "lead_terraform_pipeline_iam" {
 namespace = var.github_runners_namespace
 roles = var.lead_terraform_pipeline_roles
 }
+
+module "lead_terraform_github_runner_iam" {
+ source = "../../../../modules/environment/aws/iam/github-runner-iam"
+
+ name = "liatrio-aws-terraform-runners"
+ service_account_name = "liatrio-aws-terraform-runners"
+ aws_iam_openid_connect_provider_arn = module.eks.aws_iam_openid_connect_provider_arn
+ aws_iam_openid_connect_provider_url = module.eks.aws_iam_openid_connect_provider_url
+ namespace = var.github_runners_namespace
+ roles = [
+ "arn:aws:iam::489130170427:role/Developer", // prod
+ "arn:aws:iam::281127131043:role/Developer", // non-prod
+ "arn:aws:iam::774051255656:role/Developer", // sandbox
+ ]
+}
diff --git a/stages/cloud-provider/aws/sharedsvc/outputs.tf b/stages/cloud-provider/aws/sharedsvc/outputs.tf
index df824998..ebdf32a2 100644
--- a/stages/cloud-provider/aws/sharedsvc/outputs.tf
+++ b/stages/cloud-provider/aws/sharedsvc/outputs.tf
@@ -71,6 +71,10 @@ output "lead_terraform_pipeline_service_account_arn" {
 value = module.lead_terraform_pipeline_iam.role_arn
 }
 
+output "aws_terraform_github_iam_role_arn" {
+ value = module.lead_terraform_github_runner_iam.role_arn
+}
+
 output "atlantis_service_account_arn" {
 value = aws_iam_role.atlantis_service_account.arn
 }
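Review bot: The `roles` list in `lead_terraform_github_runner_iam` gives a single runner identity (`liatrio-aws-terraform-runners`) permission to assume `Developer` in prod, non-prod and sandbox, so any workflow that can be scheduled onto these runners reaches prod with the same credentials it uses for sandbox. Splitting this into one module instance and service account per environment would keep a sandbox job from ever holding a prod-capable role. The account ARNs are also hard-coded, while the sibling `lead_terraform_pipeline_iam` block above takes `roles = var.lead_terraform_pipeline_roles`; a matching variable (for example `roles = var.lead_terraform_github_runner_roles`, a name that would still need to be declared) keeps account IDs out of the module call. The `github-runner-iam` module is not part of this patch, so it is worth confirming that its trust policy pins the OIDC `sub` claim to `system:serviceaccount:<namespace>:<service_account_name>` and `aud` to `sts.amazonaws.com`.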
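Review bot: The new output `aws_terraform_github_iam_role_arn` carries no `description`, and its name follows neither the module it reads (`lead_terraform_github_runner_iam`) nor the `*_service_account_arn` pattern of the neighbouring outputs, so a consumer cannot easily tell which role it is binding to. Consider adding `description = "ARN of the IAM role assumed by the liatrio-aws-terraform-runners service account through the EKS OIDC provider"` and settling on a name such as `lead_terraform_github_runner_role_arn` before other stages start reading the output.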
From a2070f13dea99d6a89e11fcb2e2508319c6d2648 Mon Sep 17 00:00:00 2001
From: Chris Schreiber
Date: Tue, 27 Sep 2022 08:14:52 -0700
Subject: [PATCH 2/2] style: terraform fmt
---
 stages/cloud-provider/aws/sharedsvc/github-runners.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stages/cloud-provider/aws/sharedsvc/github-runners.tf b/stages/cloud-provider/aws/sharedsvc/github-runners.tf
index 3cd3559a..7d41867b 100644
--- a/stages/cloud-provider/aws/sharedsvc/github-runners.tf
+++ b/stages/cloud-provider/aws/sharedsvc/github-runners.tf
@@ -38,7 +38,7 @@ module "lead_terraform_github_runner_iam" {
 aws_iam_openid_connect_provider_arn = module.eks.aws_iam_openid_connect_provider_arn
 aws_iam_openid_connect_provider_url = module.eks.aws_iam_openid_connect_provider_url
 namespace = var.github_runners_namespace
- roles = [
+ roles = [
 "arn:aws:iam::489130170427:role/Developer", // prod
 "arn:aws:iam::281127131043:role/Developer", // non-prod
 "arn:aws:iam::774051255656:role/Developer", // sandbox