Grant premissions for app secrets group (#29)

* Grant premissions for app secrets group

* Address PR comments

* Address PR comments

* Address PR comments

Author: goruha

aws/chamber/main.tf

@@ -28,6 +28,12 @@ variable "account_id" {
   description = "AWS account ID"
 }
 
+variable "parameter_groups" {
+  type        = "list"
+  description = "Parameter group names"
+  default     = ["kops", "app"]
+}
+
 provider "aws" {
   assume_role {
     role_arn = "${var.aws_assume_role_arn}"

aws/chamber/user.tf

@@ -1,13 +1,16 @@
 # Chamber user for CI/CD systems that cannot leverage IAM instance profiles
 # https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-access.html
 module "chamber_user" {
-  source        = "git::https://github.com/cloudposse/terraform-aws-iam-chamber-user.git?ref=tags/0.1.4"
-  namespace     = "${var.namespace}"
-  stage         = "${var.stage}"
-  name          = "chamber"
-  attributes    = ["codefresh"]
-  kms_key_arn   = "${module.chamber_kms_key.key_arn}"
-  ssm_resources = ["${format("arn:aws:ssm:%s:%s:parameter/kops/*", var.region, var.account_id)}"]
+  source      = "git::https://github.com/cloudposse/terraform-aws-iam-chamber-user.git?ref=tags/0.1.5"
+  namespace   = "${var.namespace}"
+  stage       = "${var.stage}"
+  name        = "chamber"
+  attributes  = ["codefresh"]
+  kms_key_arn = "${module.chamber_kms_key.key_arn}"
+
+  ssm_resources = [
+    "${formatlist("arn:aws:ssm:%s:%s:parameter/%s/*", var.region, var.account_id, var.parameter_groups)}",
+  ]
 }
 
 output "chamber_user_name" {