author | Spike <avlampson+git@gmail.com> | 2019-05-09 14:18:09 +0100 |
---|---|---|
committer | Spike <avlampson+git@gmail.com> | 2019-05-09 14:18:09 +0100 |
commit | 1c0b57878c9ac06b707ce52a2f381b244f4ea7ac (patch) | |
tree | 12eb7a493152732852535c2e424e00fe20ba6896 /terraform/iam.tf | |
parent | 3057ba38e7d47b79bd7872e12e70a9f46057a4bc (diff) | |
Adding cluster, and security groups to allow comms with worker nodes
Diffstat (limited to 'terraform/iam.tf')
-rw-r--r-- | terraform/iam.tf | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/terraform/iam.tf b/terraform/iam.tf
index 0286993..ed61946 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -26,3 +26,43 @@ resource "aws_iam_role_policy_attachment" "demo_cluster_AmazonEKSServicePolicy" {
 policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
 role = "${aws_iam_role.sensyne_demo_cluster.name}"
 }
+
+resource "aws_iam_role" "sensyne_demo_node" {
+ name = "sensyne_demo_node"
+
+ assume_role_policy = <<POLICY
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "ec2.amazonaws.com"
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "demo_node_AmazonEKSWorkerNodePolicy" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+ role = "${aws_iam_role.sensyne_demo_node.name}"
+}
+
+resource "aws_iam_role_policy_attachment" "demo_node_AmazonEKS_CNI_Policy" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+ role = "${aws_iam_role.sensyne_demo_node.name}"
+}
+
+resource "aws_iam_role_policy_attachment" "demo_node_AmazonEC2ContainerRegistryReadOnly" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+ role = "${aws_iam_role.sensyne_demo_node.name}"
+}
+
+resource "aws_iam_instance_profile" "sensyne_demo_node" {
+ name = "sensyne_demo_profile"
+ role = "${aws_iam_role.sensyne_demo_node.name}"
+}
+ |
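Review bot: The three managed policies attached to `sensyne_demo_node` are exposed through the instance profile, so any pod that can reach the instance metadata endpoint on a worker can obtain the same credentials, including the network-interface permissions in `AmazonEKS_CNI_Policy`; nothing in this hunk shows that access being restricted. I would record the constraint above the role with a comment such as `# Node instance role: pods that can reach instance metadata inherit these permissions; do not attach application policies here.` and give workloads their own identities rather than growing this role. Separately, the literal `name` values (`sensyne_demo_node`, `sensyne_demo_profile`) are unique per account in IAM, so a second copy of this stack in the same account would collide; a variable prefix or `name_prefix` would avoid that.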