# Input variables for an IAM policy that grants access to S3 buckets.
# Only the declarations are visible here; how each value is used in the
# policy document should be confirmed against the module body.

# Required: no default is declared.
variable "policy_name" {
  type        = string
  description = "Name of the IAM policy"
}

# Optional free-text description; defaults to the empty string.
variable "policy_description" {
  type        = string
  description = "Description of the IAM policy"
  default     = ""
}

# Required: no default is declared.
# NOTE(review): there is no validation block, so an empty list or strings that
# are not S3 ARNs are accepted at this layer. Confirm the consuming resource
# rejects them.
variable "bucket_arns" {
  type        = list(string)
  description = "List of S3 bucket ARNs to grant access to"
}

# Defaults to the single read action s3:GetObject.
# NOTE(review): nothing here limits entries to the s3: namespace or rejects
# wildcard actions, so least privilege depends on what the caller passes.
variable "actions" {
  type        = list(string)
  description = "List of S3 actions to allow (e.g., ['s3:GetObject'], ['s3:PutObject'], ['s3:DeleteObject'])"
  default     = ["s3:GetObject"]
}

# The default "/*" is described below as matching all objects, so a caller that
# sets only bucket_arns gets bucket-wide object scope for the chosen actions.
# Presumably each path is appended to each bucket ARN (TODO confirm in the
# policy document). Pass a prefix-scoped path when only part of a bucket is needed.
variable "resource_paths" {
  type        = list(string)
  description = "List of resource paths within buckets (e.g., ['/*'] for all objects, ['/specific-prefix/*'] for specific prefix)"
  default     = ["/*"]
}

# Declared as `any`, so the structure is not checked at the variable level.
# The shape the module expects is not visible here (TODO confirm).
# The default is null.
variable "conditions" {
  type        = any
  description = "Optional IAM policy conditions to apply to the statement"
  default     = null
}

# Optional string-to-string map; defaults to an empty map.
variable "tags" {
  type        = map(string)
  description = "Tags to apply to the policy"
  default     = {}
}