feat: add InstanceProfile support for AWS edge location

Author: claudiolor

castai/resource_edge_location.go

@@ -56,6 +56,7 @@ type zoneModel struct {
 
 type awsModel struct {
 	AccountID         types.String `tfsdk:"account_id"`
+	InstanceProfile   types.String `tfsdk:"instance_profile"`
 	AccessKeyIDWO     types.String `tfsdk:"access_key_id_wo"`
 	SecretAccessKeyWO types.String `tfsdk:"secret_access_key_wo"`
 	VpcID             types.String `tfsdk:"vpc_id"`
@@ -97,7 +98,8 @@ func (m awsModel) Equal(other *awsModel) bool {
 		m.VpcID.Equal(other.VpcID) &&
 		m.VpcPeered.Equal(other.VpcPeered) &&
 		m.SecurityGroupID.Equal(other.SecurityGroupID) &&
-		m.SubnetIDs.Equal(other.SubnetIDs)
+		m.SubnetIDs.Equal(other.SubnetIDs) &&
+		m.InstanceProfile.Equal(other.InstanceProfile)
 }
 
 func (m gcpModel) credentials() types.String {
@@ -225,6 +227,10 @@ func (r *edgeLocationResource) Schema(_ context.Context, _ resource.SchemaReques
 						Required:    true,
 						Description: "AWS account ID",
 					},
+					"instance_profile": schema.StringAttribute{
+						Optional:    true,
+						Description: "AWS IAM instance profile ARN to be attached to edge instances. It can be used to grant permissions to access other AWS resources such as ECR.",
+					},
 					"access_key_id_wo": schema.StringAttribute{
 						Required:    true,
 						WriteOnly:   true,
@@ -688,8 +694,14 @@ func (r *edgeLocationResource) toAWS(ctx context.Context, plan, config *awsModel
 		return nil, diags
 	}
 
+	var instanceProfile *string
+	if !plan.InstanceProfile.IsNull() && plan.InstanceProfile.ValueString() != "" {
+		instanceProfile = lo.ToPtr(plan.InstanceProfile.ValueString())
+	}
+
 	out := &omni.AWSParam{
-		AccountId: toPtr(plan.AccountID.ValueString()),
+		AccountId:       toPtr(plan.AccountID.ValueString()),
+		InstanceProfile: instanceProfile,
 		Credentials: &omni.AWSParamCredentials{
 			AccessKeyId:     config.AccessKeyIDWO.ValueString(),
 			SecretAccessKey: config.SecretAccessKeyWO.ValueString(),
@@ -716,6 +728,7 @@ func (r *edgeLocationResource) toAWSModel(ctx context.Context, config *omni.AWSP
 
 	aws := &awsModel{
 		AccountID:         types.StringValue(lo.FromPtr(config.AccountId)),
+		InstanceProfile:   types.StringNull(),
 		VpcID:             types.StringNull(),
 		SecurityGroupID:   types.StringNull(),
 		VpcPeered:         types.BoolNull(),
@@ -725,6 +738,10 @@ func (r *edgeLocationResource) toAWSModel(ctx context.Context, config *omni.AWSP
 		SecretAccessKeyWO: types.StringNull(),
 	}
 
+	if config.InstanceProfile != nil && *config.InstanceProfile != "" {
+		aws.InstanceProfile = types.StringValue(*config.InstanceProfile)
+	}
+
 	if config.Networking != nil {
 		aws.VpcID = types.StringValue(config.Networking.VpcId)
 		aws.VpcPeered = types.BoolPointerValue(config.Networking.VpcPeered)

castai/resource_edge_location_test.go

@@ -34,6 +34,7 @@ func TestAccCloudAgnostic_ResourceEdgeLocationAWS(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "zones.1.id", "us-east-1b"),
 					resource.TestCheckResourceAttr(resourceName, "zones.1.name", "us-east-1b"),
 					resource.TestCheckResourceAttrSet(resourceName, "aws.account_id"),
+					resource.TestCheckResourceAttr(resourceName, "aws.instance_profile", "arn:aws:iam::123456789012:instance-profile/edge-node-profile"),
 					resource.TestCheckResourceAttrSet(resourceName, "aws.vpc_id"),
 					resource.TestCheckResourceAttrSet(resourceName, "aws.vpc_peered"),
 					resource.TestCheckResourceAttrSet(resourceName, "aws.security_group_id"),
@@ -216,6 +217,7 @@ resource "castai_edge_location" "test" {
 
   aws = {
     account_id           = "123456789012"
+    instance_profile     = "arn:aws:iam::123456789012:instance-profile/edge-node-profile"
     %[6]s
     vpc_id               = "vpc-12345678"
 	vpc_peered           = true