Add support for adding additional policies to the capa controller role

Both inline and managed policies can  be added

capa-controller-role/giantswarm-capa-role.tf

@@ -183,3 +183,16 @@ resource "aws_iam_role_policy_attachment" "giantswarm_crossplane_policy_attachme
   role       = aws_iam_role.giantswarm_capa_controller_role.name
   policy_arn = aws_iam_policy.giantswarm_crossplane_policy.arn
 }
+
+resource "aws_iam_role_policy" "additional_inline_policies" {
+  for_each = var.additional_policies
+  name     = each.key
+  role     = aws_iam_role.giantswarm_capa_controller_role.name
+  policy   = each.value
+}
+
+resource "aws_iam_role_policy_attachment" "additional_policy_attachments" {
+  for_each   = toset(var.additional_policies_arns)
+  role       = aws_iam_role.giantswarm_capa_controller_role.name
+  policy_arn = each.value
+}

capa-controller-role/variables.tf

@@ -41,3 +41,15 @@ variable "import_existing" {
   description = "If true, the existing role and policies will be imported instead of created"
   default     = false
 }
+
+variable "additional_policies" {
+  type        = map(string)
+  description = "Map of additional policy documents to attach to the IAM role"
+  default     = {}
+}
+
+variable "additional_policies_arns" {
+  type        = list(string)
+  description = "List of ARNs of additional managed policies to attach to the role"
+  default     = []
+}