author | Spike <avlampson+git@gmail.com> | 2019-04-07 22:03:31 +0100 |
---|---|---|
committer | Spike <avlampson+git@gmail.com> | 2019-04-07 22:03:31 +0100 |
commit | bb81085619769aca861ab5d5bbff86f71c9435d2 (patch) | |
tree | 80b45de34d9f0647c10e6d6fae5b408c21c190c5 /iam.tf | |
Diffstat (limited to 'iam.tf')
-rw-r--r-- | iam.tf | 53 |
1 files changed, 53 insertions, 0 deletions
@@ -0,0 +1,53 @@
+resource "aws_iam_role" "app_role" {
+ name = "app_role"
+ path = "/"
+
+ assume_role_policy = <<EOF
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": "sts:AssumeRole",
+ "Principal": {
+ "Service": "ec2.amazonaws.com"
+ },
+ "Effect": "Allow",
+ "Sid": ""
+ }
+ ]
+}
+EOF
+}
+
+data "aws_iam_policy" "app_policy_document" {
+ statement {
+ actions = ["sts:AssumeRole"]
+ resources = ["*"]
+ }
+
+ statement {
+ actions = ["ec2:DescribeInstances"]
+ resources = ["*"]
+ }
+
+ statement {
+ actions = ["s3:*"]
+ resources = ["*"]
+ }
+}
+
+resource "aws_iam_policy" "app_policy" {
+ name = "app_policy"
+ path = "/"
+ policy = "${data.aws_iam_policy_document.app_policy_document.json}"
+}
+
+resource "aws_iam_role_policy_attachment" "app_policy_attachment" {
+ role = "${aws_iam_role.app_role.name}"
+ policy_arn = "${aws_iam_policy.app_policy.arn}"
+}
+
+resource "aws_iam_instance_profile" "app_profile" {
+ name = "app_profile"
+ role = "${aws_iam_role.app_role.name}"
+} |
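Review bot: The third `statement` in `app_policy_document` grants `s3:*` on `resources = ["*"]` and the first grants `sts:AssumeRole` on `*`, so anything running on an instance that carries `app_profile` gets unrestricted S3 permissions from this policy and may assume any role whose trust policy admits it. Scope both to what the application needs, for example `resources = ["arn:aws:s3:::<APP_BUCKET>", "arn:aws:s3:::<APP_BUCKET>/*"]` (placeholder bucket name) with only the S3 actions in use, and drop the `sts:AssumeRole` statement unless a specific target role ARN is required. Separately, the block is declared as `data "aws_iam_policy"` but is referenced as `data.aws_iam_policy_document.app_policy_document.json`. `statement` blocks belong to the `aws_iam_policy_document` data source, so the declaration should read `data "aws_iam_policy_document" "app_policy_document" {`. A short comment above each statement saying which application feature needs it would make later permission reviews easier.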