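variable "environment" {
  type        = string
  description = "A name identifying a type of resource i.e., qa, staging, release"
}

variable "name" {
  type        = string
  description = "Name of service"
}

# An empty string is tolerated here: compact() below drops it, which is the
# only way a caller can create the role without any worker-node trust.
variable "worker_role" {
  type        = string
  description = "The IAM role arn for the EKS worker nodes"
}

locals {
  # compact() removes an empty worker_role, so target_roles is either [] or
  # a one-element list of role ARNs trusted to assume the service role.
  target_roles = compact([var.worker_role])
}

# current account
# NOTE(review): not referenced anywhere in this file; presumably consumed by a
# sibling file of the module. Remove it if nothing reads it.
data "aws_caller_identity" "current" {
}

# IAM role, profile, and policy associated with the service
#
# Trust (assume-role) policy for the service role. Two trust paths are granted:
#   1. the EC2 service principal, so the role can back an instance profile; and
#   2. each worker-node role in local.target_roles, so credentials obtained on
#      an EKS worker node can assume this role.
#
# NOTE(review): trust path 1 means any principal that holds iam:PassRole on
# this role can attach it to an instance it launches and obtain its
# credentials. If the role is only ever assumed via the worker role, consider
# dropping the EC2 service statement.
#
# NOTE(review): trusting a role by ARN is brittle. If the worker role is ever
# deleted and re-created, IAM rewrites the ARN in this trust policy to the old
# role's unique ID and the trust silently stops working until this role is
# re-applied.
data "aws_iam_policy_document" "ec2" {
  statement {
    sid     = "EC2Service"
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }

  # One statement per trusted worker role. When target_roles is empty no
  # statement is rendered at all, rather than relying on how the provider
  # treats a principals block whose identifiers list is empty.
  dynamic "statement" {
    for_each = local.target_roles

    content {
      # statement.key is the list index, so the Sid stays alphanumeric.
      sid     = "WorkerRole${statement.key}"
      effect  = "Allow"
      actions = ["sts:AssumeRole"]

      principals {
        type        = "AWS"
        identifiers = [statement.value]
      }
    }
  }
}

# The service role itself; only the trust policy is defined here. Permission
# policies are expected to be attached by the caller using the outputs below.
resource "aws_iam_role" "app" {
  name               = "${var.environment}-${var.name}"
  assume_role_policy = data.aws_iam_policy_document.ec2.json
}

# ARN of the service role (use as a principal or for policy attachment).
output "arn" {
  value = aws_iam_role.app.arn
}

# Role name/ID as reported by the provider.
output "id" {
  value = aws_iam_role.app.id
}

# Stable unique ID of the role; survives ARN changes only as long as the role
# is not deleted and re-created.
output "unique_id" {
  value = aws_iam_role.app.unique_id
}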