# Instance profile that attaches aws_iam_role.instance_role to EC2 instances.
# name_prefix gives the profile a unique name beginning with local.random_name.
resource "aws_iam_instance_profile" "instance_profile" {
  role        = "${aws_iam_role.instance_role.name}"
  name_prefix = "${local.random_name}"
}
# IAM role carried by the instances. Who may assume it is decided by the
# trust policy rendered from data.aws_iam_policy_document.instance_role;
# the permissions themselves are attached separately as inline policies.
resource "aws_iam_role" "instance_role" {
  assume_role_policy = "${data.aws_iam_policy_document.instance_role.json}"
  name_prefix        = "${local.random_name}"
}
# Trust policy for the instance role: only the EC2 service principal is
# allowed to call sts:AssumeRole, so the role is usable through an instance
# profile and not directly by IAM users or other accounts.
data "aws_iam_policy_document" "instance_role" {
  statement {
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }

    actions = ["sts:AssumeRole"]
    effect  = "Allow"
  }
}
# Inline policy on the instance role, rendered from
# data.aws_iam_policy_document.auto_discover_cluster. Despite the name, that
# document also carries S3 object permissions in addition to the read-only
# discovery calls, so review both when auditing what an instance can do.
resource "aws_iam_role_policy" "auto_discover_cluster" {
  policy = "${data.aws_iam_policy_document.auto_discover_cluster.json}"
  role   = "${aws_iam_role.instance_role.id}"
  name   = "auto-discover-cluster"
}
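# Note: Overloading this instance profile to access
# test binaries, should be renamed.
#
# Permissions granted to every instance that runs with the instance role:
#   1. read-only EC2 / Auto Scaling describe calls used for cluster discovery
#   2. object read/write/delete in the test-binary bucket
data "aws_iam_policy_document" "auto_discover_cluster" {
  # Cluster discovery. These Describe* actions are read-only and do not
  # support resource-level restrictions, which is why resources is "*".
  # The statement is declared once; a second identical copy adds no
  # permission and only makes the policy harder to audit.
  statement {
    effect = "Allow"

    actions = [
      "ec2:DescribeInstances",
      "ec2:DescribeTags",
      "autoscaling:DescribeAutoScalingGroups",
    ]

    resources = ["*"]
  }

  # Test-binary access, scoped to objects in a single bucket (no bucket
  # listing is granted).
  # NOTE(review): PutObject and DeleteObject let any instance holding this
  # role overwrite or remove binaries that other instances may later fetch.
  # If instances only download from the bucket, s3:GetObject alone would be
  # enough; confirm with whoever publishes the binaries before narrowing.
  statement {
    effect = "Allow"

    actions = [
      "s3:PutObject",
      "s3:GetObject",
      "s3:DeleteObject",
    ]

    resources = ["arn:aws:s3:::nomad-team-test-binary/*"]
  }
}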