[breaking] Modified infraci role to accept a list of dyanmodb table arns (#130)

* testing change with list of arns

* allowing infraci to accept multiple dynamodb table arns

* removed duplicates from arn list in dynamic statement

* unique SIDs

Author: kuannie1

aws-iam-role-infraci/README.md

@@ -10,7 +10,7 @@ Creates a role useful for running `terraform plan` in CI jobs.
 | iam\_path |  | string | `"/"` | no |
 | role\_name |  | string | `"infraci"` | no |
 | source\_account\_id |  | string | n/a | yes |
-| terraform\_state\_lock\_dynamodb\_arn | "The unique identifier (ARN) of the state file DynamoDB table" | string | `""` | yes |
+| terraform\_state\_lock\_dynamodb\_arns | "A list of unique identifiers (ARNs) of state file DynamoDB tables" | string | `[]` | yes |
 
 ## Outputs
 

aws-iam-role-infraci/main.tf

@@ -66,11 +66,11 @@ data "aws_iam_policy_document" "secrets" {
 
   dynamic statement {
 
-    for_each = compact([var.terraform_state_lock_dynamodb_arn])
+    for_each = var.terraform_state_lock_dynamodb_arns
 
 
     content {
-      sid = "statefileaccess"
+      sid = "statefileaccess${statement.key}"
 
       actions = [
         "dynamodb:GetItem",

aws-iam-role-infraci/variables.tf

@@ -10,8 +10,8 @@ variable "iam_path" {
   default = "/"
 }
 
-variable "terraform_state_lock_dynamodb_arn" {
-  type        = "string"
-  default     = ""
-  description = "The ARN of the state file DynamoDB table"
+variable "terraform_state_lock_dynamodb_arns" {
+  type        = list(string)
+  default     = []
+  description = "ARNs of the state file DynamoDB tables"
 }