
Adds option for additional trusted arns.

Fred Damstra před 5 roky
rodič
revize
3cdab66c62
2 změnil soubory, kde provedl 11 přidání a 4 odebrání
  1. 4 3
      base/iam/main.tf
  2. 7 1
      base/iam/vars.tf

+ 4 - 3
base/iam/main.tf

@@ -2,7 +2,8 @@ module "iam_roles" {
   source = "../../submodules/iam/child_account_roles"
   account_alias = var.account_alias
 
-  assume_role_trusted_arns  = [
-    "arn:${var.aws_partition}:iam::${var.common_services_account}:role/user/mdr_engineer_readonly",
-  ]
+  assume_role_trusted_arns = concat(
+    [ "arn:${var.aws_partition}:iam::${var.common_services_account}:role/user/mdr_engineer_readonly" ],
+    var.iam_additional_trusted_arns
+  )
 }
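Review bot: The new `concat(...)` for `assume_role_trusted_arns` forwards `var.iam_additional_trusted_arns` with no comment on what the extra principals are granted. The `child_account_roles` submodule that consumes the list is not visible in this commit. If it applies this one list to every role it creates (inferred from the argument name, worth confirming), each added ARN can assume all of those roles, not only a read-only one. I would add a comment above the argument, for example `# Extra principals are trusted by the roles child_account_roles creates; pass specific role ARNs only`. The `module "iam_roles"` block opens on the line just before this hunk.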

+ 7 - 1
base/iam/vars.tf

@@ -1,4 +1,4 @@
-# No local module inputs (yet)
+# local module inputs
 
 # ----------------------------------
 # Below this line are variables inherited from higher levels, so they
@@ -7,6 +7,12 @@ variable "account_alias" {
   type = string
 }
 
+variable "iam_additional_trusted_arns" {
+  description = "Additional ARNs to trust in the roles"
+  type = list
+  default = [ ]
+}
+
 # ----------------------------------
 # Required for remote state, though they can be used elsewhere
 variable "remote_state_bucket" {
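Review bot: The added `iam_additional_trusted_arns` variable is declared as a bare `type = list` with no check on its values, yet main.tf feeds it into `assume_role_trusted_arns`. An account-root ARN, a wildcard or a mistyped value is therefore accepted at plan time and presumably ends up as a principal in the role trust policies. Tightening the type to `list(string)` and adding a `validation` block that accepts only full IAM role ARNs would catch this before apply. That assumes the Terraform version in use supports variable validation, and the pattern needs widening if user principals are intended. The description could also say which roles the ARNs are trusted by.

```hcl
variable "iam_additional_trusted_arns" {
  description = "Additional IAM role ARNs allowed to assume the roles created by this module"
  type        = list(string)
  default     = []

  validation {
    # Count the well-formed role ARNs and require that every entry is one.
    condition = length([
      for arn in var.iam_additional_trusted_arns : arn
      if can(regex("^arn:[^:]+:iam::[0-9]{12}:role/[^*]+$", arn))
    ]) == length(var.iam_additional_trusted_arns)
    error_message = "Each entry must be a full IAM role ARN; wildcards and account-root ARNs are not accepted."
  }
}
```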