Diffstat (limited to 'iam.tf')
-rw-r--r-- | iam.tf | 53 |
1 files changed, 53 insertions, 0 deletions
@@ -0,0 +1,53 @@
+resource "aws_iam_role" "app_role" {
+ name = "app_role"
+ path = "/"
+
+ assume_role_policy = <<EOF
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": "sts:AssumeRole",
+ "Principal": {
+ "Service": "ec2.amazonaws.com"
+ },
+ "Effect": "Allow",
+ "Sid": ""
+ }
+ ]
+}
+EOF
+}
+
+data "aws_iam_policy" "app_policy_document" {
+ statement {
+ actions = ["sts:AssumeRole"]
+ resources = ["*"]
+ }
+
+ statement {
+ actions = ["ec2:DescribeInstances"]
+ resources = ["*"]
+ }
+
+ statement {
+ actions = ["s3:*"]
+ resources = ["*"]
+ }
+}
+
+resource "aws_iam_policy" "app_policy" {
+ name = "app_policy"
+ path = "/"
+ policy = "${data.aws_iam_policy_document.app_policy_document.json}"
+}
+
+resource "aws_iam_role_policy_attachment" "app_policy_attachment" {
+ role = "${aws_iam_role.app_role.name}"
+ policy_arn = "${aws_iam_policy.app_policy.arn}"
+}
+
+resource "aws_iam_instance_profile" "app_profile" {
+ name = "app_profile"
+ role = "${aws_iam_role.app_role.name}"
+}
 |
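Review bot: The last statement in `app_policy_document` grants `s3:*` on `resources = ["*"]` and the first grants `sts:AssumeRole` on `*`, so any process that obtains this instance role's credentials can perform every S3 action on every bucket the account can reach, including policy changes and deletes, and can assume any role whose trust policy admits it. Scope each statement to the actions and ARNs the app needs, for example an explicit action list with `resources = ["arn:aws:s3:::<APP_BUCKET_PLACEHOLDER>/*"]`, and drop the `sts:AssumeRole` statement unless a specific target role ARN is required. Separately, the block is declared as `data "aws_iam_policy"` but uses `statement` blocks and is referenced as `data.aws_iam_policy_document.app_policy_document.json`, so the reference will not resolve as written. The declaration should read `data "aws_iam_policy_document" "app_policy_document" {`.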