commit
e2691f89e7
14 changed files with 553 additions and 0 deletions
46
main.tf
Normal file
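--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,46 @@
+module "aws_iam_role_core" {
+providers = { aws = aws.core }
+source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.0.0"
+
+name = var.name
+policy_statements = jsonencode(concat(
+[
+{ # Read and Write access on the repository's own tofu state
+Action = [
+"s3:GetObject",
+"s3:PutObject",
+]
+Effect = "Allow"
+Resource = "arn:aws:s3:::adyxax-tofu-states/repositories/${var.name}"
+},
+{ # Read Write Delete access on the dynamoDB locks
+Action = [
+"dynamodb:DeleteItem",
+"dynamodb:GetItem",
+"dynamodb:PutItem",
+]
+Effect = "Allow"
+Resource = format(
+"arn:aws:dynamodb:eu-west-3:*:table/tofu-states",
+)
+},
+],
+jsondecode(var.core_policy_statements),
+))
+}
+
+module "aws_iam_role_test" {
+providers = { aws = aws.tests }
+source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.0.0"
+
+name = var.name
+policy_statements = var.tests_policy_statements
+}
+
+module "aws_iam_user" {
+providers = { aws = aws.root }
+source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-user?depth=1&ref=1.0.0"
+
+assume_role_account_names = ["core", "tests"]
+name = var.name
+}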
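Review bot: The DynamoDB statement in `aws_iam_role_core` allows `DeleteItem`/`GetItem`/`PutItem` on the whole `tofu-states` table, so a role built from this file can apparently overwrite or delete the lock rows of any other repository, whereas the S3 statement above it is scoped to `repositories/${var.name}`. If the role module passes a `Condition` key through (not visible here), the lock rows could be scoped the same way, assuming the state key equals the S3 object path: `Condition = { "ForAllValues:StringEquals" = { "dynamodb:LeadingKeys" = ["adyxax-tofu-states/repositories/${var.name}", "adyxax-tofu-states/repositories/${var.name}-md5"] } }`. The same `Resource` wildcards the account id and wraps a constant string in a one-argument `format()`; a plain `Resource = "arn:aws:dynamodb:eu-west-3:<CORE_ACCOUNT_ID>:table/tofu-states"` would be tighter and easier to read. Because `var.name` is interpolated straight into the S3 ARN, a validation rule on that variable rejecting `*`, `?` and `/` would keep a caller from widening the grant.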