open-nomad/e2e/terraform/iam.tf
2018-12-17 11:40:09 -06:00

65 lines
1.4 KiB
HCL

resource "aws_iam_instance_profile" "instance_profile" {
name_prefix = "${local.random_name}"
role = "${aws_iam_role.instance_role.name}"
}
resource "aws_iam_role" "instance_role" {
name_prefix = "${local.random_name}"
assume_role_policy = "${data.aws_iam_policy_document.instance_role.json}"
}
data "aws_iam_policy_document" "instance_role" {
statement {
effect = "Allow"
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["ec2.amazonaws.com"]
}
}
}
resource "aws_iam_role_policy" "auto_discover_cluster" {
name = "auto-discover-cluster"
role = "${aws_iam_role.instance_role.id}"
policy = "${data.aws_iam_policy_document.auto_discover_cluster.json}"
}
# Note: Overloading this instance profile to access
# test binaries, should be renamed.
data "aws_iam_policy_document" "auto_discover_cluster" {
statement {
effect = "Allow"
actions = [
"ec2:DescribeInstances",
"ec2:DescribeTags",
"autoscaling:DescribeAutoScalingGroups",
]
resources = ["*"]
}
statement {
effect = "Allow"
actions = [
"ec2:DescribeInstances",
"ec2:DescribeTags",
"autoscaling:DescribeAutoScalingGroups",
]
resources = ["*"]
}
statement {
effect = "Allow"
actions = [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
]
resources = ["arn:aws:s3:::nomad-team-test-binary/*"]
}
}