From d2e5b3210791bf74a5a7e2cd69a614b6e2395001 Mon Sep 17 00:00:00 2001
From: Jason McIntosh
Date: Fri, 16 Oct 2020 15:27:11 -0500
Subject: [PATCH 1/2] Add ability to utilize a permissions boundary
---
 main.tf | 2 +-
 variables.tf | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 0421996..7b28b8a 100644
--- a/main.tf
+++ b/main.tf
@@ -64,7 +64,7 @@ resource "aws_iam_role" "this" {
 tags = var.aws_tags
 force_detach_policies = true
-
+ permissions_boundary = var.aws_iam_permissions_boundary_arn
 assume_role_policy = var.k8s_cluster_type == "vanilla" ? data.aws_iam_policy_document.ec2_assume_role[0].json : data.aws_iam_policy_document.eks_oidc_assume_role[0].json
 }
diff --git a/variables.tf b/variables.tf
index de9fe6e..c24c630 100644
--- a/variables.tf
+++ b/variables.tf
@@ -40,6 +40,12 @@ variable "aws_iam_path_prefix" {
 default = ""
 }
+variable "aws_iam_permissions_boundary_arn" {
+ description = "Allows a permissions boundary on the IAM role to be set"
+ type = string
+ default = ""
+}
+
 variable "aws_vpc_id" {
 description = "ID of the Virtual Private Network to utilize. Can be ommited if targeting EKS."
 type = string
From 55a41d60e04f5886eca07f5cc69719baa0784d37 Mon Sep 17 00:00:00 2001
From: Jason McIntosh
Date: Tue, 20 Oct 2020 14:43:48 -0500
Subject: [PATCH 2/2] Allow passing an env configmap to control proxy settings
---
 main.tf | 6 +++++-
 variables.tf | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 7b28b8a..14828ff 100644
--- a/main.tf
+++ b/main.tf
@@ -406,7 +406,11 @@ resource "kubernetes_deployment" "this" {
 "--aws-region=${local.aws_region_name}",
 "--aws-max-retries=10",
 ]
-
+ env_from {
+ config_map_ref {
+ name = var.k8s_env_config_map
+ }
+ }
 port {
 name = "health"
 container_port = 10254
diff --git a/variables.tf b/variables.tf
index c24c630..79723d0 100644
--- a/variables.tf
+++ b/variables.tf 
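Review bot: In patch 1/2, the new `aws_iam_permissions_boundary_arn` variable in variables.tf defaults to `""`, so the `permissions_boundary` line added to `aws_iam_role.this` in main.tf still creates the role with no boundary unless the caller opts in. The description says neither that nor that the value must be the ARN of an IAM policy. I would use `default = null`, so the argument is omitted outright instead of relying on the provider treating an empty string as unset; patch 2/2 already uses `default = null` for its own variable. The description could read `"ARN of the IAM policy to attach as the role's permissions boundary; null attaches none"`. Accounts that enforce boundaries through an `iam:PermissionsBoundary` condition will presumably reject role creation with the default, which is worth stating in the module documentation.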
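Review bot: In patch 2/2, the `env_from` block added to the container in main.tf is rendered even when `k8s_env_config_map` keeps its default of `null` (set in that patch's variables.tf hunk), which leaves `config_map_ref.name` without a value. As far as I know the Kubernetes provider requires that name, so callers who do not set the variable would probably get a plan error. The block should be emitted only when a name is supplied, using a `dynamic "env_from"` as sketched below. Every key in that ConfigMap becomes an environment variable of a pod that carries the autoscaler's IAM role, so proxy URLs with embedded credentials belong in a Secret, and write access to the ConfigMap should be as restricted as the deployment itself. The container block starts and ends outside the hunk.

```hcl
# … unchanged: container args …
dynamic "env_from" {
  # Render the block only when a ConfigMap name was supplied.
  for_each = var.k8s_env_config_map == null ? [] : [var.k8s_env_config_map]
  content {
    config_map_ref {
      name = env_from.value
    }
  }
}
# … unchanged: port "health" …
```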
@@ -21,6 +21,11 @@ variable "k8s_replicas" {
 default = 1
 }
+variable "k8s_env_config_map" {
+ description = "Configmap reference for custom environment for autoscaling"
+ type = string
+ default = null
+}
 variable "k8s_pod_annotations" {
 description = "Additional annotations to be added to the Pods."