Diffstat (limited to 'terraform/iam.tf')
-rw-r--r--terraform/iam.tf40
1 files changed, 40 insertions, 0 deletions
diff --git a/terraform/iam.tf b/terraform/iam.tf
index 0286993..ed61946 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -26,3 +26,43 @@ resource "aws_iam_role_policy_attachment" "demo_cluster_AmazonEKSServicePolicy"
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
role = "${aws_iam_role.sensyne_demo_cluster.name}"
}
+
+resource "aws_iam_role" "sensyne_demo_node" {
+ name = "sensyne_demo_node"
+
+ assume_role_policy = <<POLICY
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "ec2.amazonaws.com"
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "demo_node_AmazonEKSWorkerNodePolicy" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+ role = "${aws_iam_role.sensyne_demo_node.name}"
+}
+
+resource "aws_iam_role_policy_attachment" "demo_node_AmazonEKS_CNI_Policy" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+ role = "${aws_iam_role.sensyne_demo_node.name}"
+}
+
+resource "aws_iam_role_policy_attachment" "demo_node_AmazonEC2ContainerRegistryReadOnly" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+ role = "${aws_iam_role.sensyne_demo_node.name}"
+}
+
+resource "aws_iam_instance_profile" "sensyne_demo_node" {
+ name = "sensyne_demo_profile"
+ role = "${aws_iam_role.sensyne_demo_node.name}"
+}
+
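Review bot: The `demo_node_AmazonEKS_CNI_Policy` attachment places the VPC CNI's EC2 network-interface permissions on the shared node role, so they are issued to anything on a worker that can reach the instance metadata endpoint, not only to the CNI daemon. Where the cluster version supports it, attach that policy to a dedicated role bound to the `aws-node` service account (IAM roles for service accounts), leaving this role with only `AmazonEKSWorkerNodePolicy` and `AmazonEC2ContainerRegistryReadOnly`. The launch configuration that uses `aws_iam_instance_profile.sensyne_demo_node` is not in this file, so check there that instance metadata access is restricted (IMDSv2 required, hop limit 1). If the attachment has to stay for now, record why above it, e.g. `# TODO: move to a service-account role; node-role credentials are reachable from pods via instance metadata`.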