This repository has been archived by the owner on Sep 16, 2020. It is now read-only.

Adds an IAM instance profile to PAS bucket access
[#154688828]

Signed-off-by: Ryan Moran <[email protected]>
davewalter authored and Genevieve committed Feb 2, 2018
1 parent 374ddc5 commit b188ce4
Showing 2 changed files with 53 additions and 0 deletions.
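--- a/iam.tf
+++ b/iam.tf
@@ -27,3 +27,52 @@ resource "aws_iam_policy_attachment" "pas_user_policy" {
 users = ["${aws_iam_user.iam_user.name}"]
 policy_arn = "${aws_iam_policy.ert.arn}"
 }
+
+resource "aws_iam_role" "pas_bucket_access" {
+name = "${var.env_name}_pas_bucket_access"
+
+assume_role_policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Effect": "Allow",
+"Principal": {
+"Service": "ec2.amazonaws.com"
+}
+}
+]
+}
+EOF
+}
+
+resource "aws_iam_role_policy" "pas_bucket_access" {
+name = "${var.env_name}_pas_bucket_access"
+role = "${aws_iam_role.pas_bucket_access.id}"
+
+policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [{
+"Action": ["s3:*"],
+"Effect": "Allow",
+"Resource": [
+"${aws_s3_bucket.buildpacks_bucket.arn}",
+"${aws_s3_bucket.buildpacks_bucket.arn}/*",
+"${aws_s3_bucket.droplets_bucket.arn}",
+"${aws_s3_bucket.droplets_bucket.arn}/*",
+"${aws_s3_bucket.packages_bucket.arn}",
+"${aws_s3_bucket.packages_bucket.arn}/*",
+"${aws_s3_bucket.resources_bucket.arn}",
+"${aws_s3_bucket.resources_bucket.arn}/*"
+]
+}]
+}
+EOF
+}
+
+resource "aws_iam_instance_profile" "pas_bucket_access" {
+name = "${var.env_name}_pas_bucket_access"
+role = "${aws_iam_role.pas_bucket_access.name}"
+}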
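Review bot: The role policy's `"Action": ["s3:*"]` grants every S3 action on the four buckets, including bucket-configuration and destructive operations such as `s3:DeleteBucket`, `s3:PutBucketPolicy` and `s3:PutBucketAcl`, which a blobstore client running on an EC2 instance does not need. Because the instance profile is inherited by every VM launched with it, any compromise of such a VM would carry that full control over the buckets rather than just object read/write. Consider restricting the statement to the listing and object actions the workload performs, e.g. `"Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],`, and confirming the set against the existing `aws_iam_policy.ert` policy that the IAM user already receives (defined outside this hunk). Optionally split into two statements so `s3:ListBucket` binds to the bucket ARNs and the object actions bind to the `/*` ARNs, which makes the intended scope explicit.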
4 changes: 4 additions & 0 deletions outputs.tf
Expand Up @@ -58,6 +58,10 @@ output "iam_user_secret_access_key" {
value = "${aws_iam_access_key.iam_user_access_key.secret}"
}

output "pas_bucket_iam_instance_profile_name" {
value = "${aws_iam_instance_profile.pas_bucket_access.name}"
}

output "rds_address" {
value = "${element(concat(aws_db_instance.rds.*.address, list("")), 0)}"
}
