#------------------------------------------------------------------------------
# AWS IAM Roles and Policies
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Roles and policies for Nomad servers
#------------------------------------------------------------------------------
## Create IAM role
resource "aws_iam_role" "ec2_describe_role" {
  # IAM role for the Nomad server instances (see the section header above).
  # The trust (assume-role) policy is read verbatim from the JSON document
  # shipped with the module; which principals may assume the role is decided
  # in that file, not here.
  name               = format("%s_ec2_describe_role", var.names_prefix)
  assume_role_policy = file(format("%s/iam_files/iam_role_ec2_describe.json", path.module))
}
## Create IAM policy
resource "aws_iam_policy" "ec2_describe_policy" {
  # Customer-managed policy granting the server role its permissions. The
  # actual statements live in iam_files/iam_policy_ec2_describe.json (not
  # shown in this file); the description below is the only hint to its scope
  # here, so review that document when assessing least privilege.
  name        = format("%s_ec2_describe_policy", var.names_prefix)
  description = "Allows EC2 Instances to Describe Other EC2 Instances"
  policy      = file(format("%s/iam_files/iam_policy_ec2_describe.json", path.module))
}
## Attach the policy to the role
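resource "aws_iam_role_policy_attachment" "ec2_describe_attach_policy" {
  # Attaches the describe policy to the server role, and only to it.
  #
  # This previously used aws_iam_policy_attachment, which is *exclusive*: it
  # takes ownership of every attachment of the policy and detaches it from any
  # role, user or group not listed in its own arguments, and two such
  # resources for the same policy undo each other on every apply.
  # aws_iam_role_policy_attachment manages exactly this one role<->policy
  # pair and leaves other attachments alone.
  #
  # The old `name` argument was a Terraform-internal identifier with no AWS
  # counterpart, so nothing is lost by dropping it. The resource address
  # changes type, so an existing attachment is recreated on the next apply and
  # any reference to aws_iam_policy_attachment.ec2_describe_attach_policy
  # elsewhere in the configuration must be updated.
  role       = aws_iam_role.ec2_describe_role.name
  policy_arn = aws_iam_policy.ec2_describe_policy.arn
}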
## Create the instance profile
resource "aws_iam_instance_profile" "ec2_describe_instance_profile" {
  # Instance profile that exposes ec2_describe_role to EC2 instances. It has
  # to be referenced wherever the Nomad server instances are launched, which
  # happens outside this file.
  name = format("%s_ec2_describe_instance_profile", var.names_prefix)
  role = aws_iam_role.ec2_describe_role.name
}
#------------------------------------------------------------------------------
# Roles and policies for Nomad clients
#------------------------------------------------------------------------------
## Create IAM role
resource "aws_iam_role" "push_to_ecr_role" {
  # IAM role for the Nomad client instances.
  # NOTE(review): the trust document is the same file the server role uses
  # (iam_role_ec2_describe.json). That is harmless if it only names the EC2
  # service principal, but the file name is misleading in this context —
  # confirm its contents, and consider a neutrally named shared trust file.
  name               = format("%s_push_to_ecr_role", var.names_prefix)
  assume_role_policy = file(format("%s/iam_files/iam_role_ec2_describe.json", path.module))
}
## Create the IAM policy that allows pushing Docker images to ECR
resource "aws_iam_policy" "push_to_ecr_policy" {
  # Customer-managed policy for the client role. Its statements live in
  # iam_files/iam_policy_push_to_ecr.json (not shown here). "Push" implies
  # write access to a registry, so when reviewing that document check that it
  # is scoped to the intended repositories rather than a wildcard resource.
  name        = format("%s_push_to_ecr_policy", var.names_prefix)
  description = "Allow EC2 instances to push docker images to ECR registry"
  policy      = file(format("%s/iam_files/iam_policy_push_to_ecr.json", path.module))
}
## Attach the policy to the role
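resource "aws_iam_role_policy_attachment" "push_to_ecr_attach_policy" {
  # Attaches the ECR push policy to the client role, and only to it.
  #
  # This previously used aws_iam_policy_attachment, which is *exclusive*: it
  # takes ownership of every attachment of the policy and detaches it from any
  # role, user or group not listed in its own arguments, and two such
  # resources for the same policy undo each other on every apply.
  # aws_iam_role_policy_attachment manages exactly this one role<->policy
  # pair and leaves other attachments alone.
  #
  # The old `name` argument was a Terraform-internal identifier with no AWS
  # counterpart, so nothing is lost by dropping it. The resource address
  # changes type, so an existing attachment is recreated on the next apply and
  # any reference to aws_iam_policy_attachment.push_to_ecr_attach_policy
  # elsewhere in the configuration must be updated.
  role       = aws_iam_role.push_to_ecr_role.name
  policy_arn = aws_iam_policy.push_to_ecr_policy.arn
}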
## Create the instance profile
resource "aws_iam_instance_profile" "ecr_role_instance_profile" {
  # Instance profile that exposes push_to_ecr_role to the Nomad client
  # instances; it is referenced where those instances are launched (outside
  # this file). The Terraform label (ecr_role_instance_profile) does not
  # follow the push_to_ecr_* naming of its sibling resources or of the AWS
  # name below; it is left unchanged because renaming it would alter the
  # resource address.
  name = format("%s_push_to_ecr_instance_profile", var.names_prefix)
  role = aws_iam_role.push_to_ecr_role.name
}