diff options
Diffstat (limited to 'terraform/iam.tf')
-rw-r--r-- | terraform/iam.tf | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/terraform/iam.tf b/terraform/iam.tf index 0286993..ed61946 100644 --- a/terraform/iam.tf +++ b/terraform/iam.tf @@ -26,3 +26,43 @@ resource "aws_iam_role_policy_attachment" "demo_cluster_AmazonEKSServicePolicy" policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy" role = "${aws_iam_role.sensyne_demo_cluster.name}" } + +resource "aws_iam_role" "sensyne_demo_node" { + name = "sensyne_demo_node" + + assume_role_policy = <<POLICY +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] +} +POLICY +} + +resource "aws_iam_role_policy_attachment" "demo_node_AmazonEKSWorkerNodePolicy" { + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy" + role = "${aws_iam_role.sensyne_demo_node.name}" +} + +resource "aws_iam_role_policy_attachment" "demo_node_AmazonEKS_CNI_Policy" { + policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy" + role = "${aws_iam_role.sensyne_demo_node.name}" +} + +resource "aws_iam_role_policy_attachment" "demo_node_AmazonEC2ContainerRegistryReadOnly" { + policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + role = "${aws_iam_role.sensyne_demo_node.name}" +} + +resource "aws_iam_instance_profile" "sensyne_demo_node" { + name = "sensyne_demo_profile" + role = "${aws_iam_role.sensyne_demo_node.name}" +} + |