46 lines
1.3 KiB
HCL
46 lines
1.3 KiB
HCL
module "aws_iam_role_core" {
|
|
providers = { aws = aws.core }
|
|
source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.0.0"
|
|
|
|
name = var.name
|
|
policy_statements = jsonencode(concat(
|
|
[
|
|
{ # Read and Write access on the repository's own tofu state
|
|
Action = [
|
|
"s3:GetObject",
|
|
"s3:PutObject",
|
|
]
|
|
Effect = "Allow"
|
|
Resource = "arn:aws:s3:::adyxax-tofu-states/repositories/${var.name}"
|
|
},
|
|
{ # Read Write Delete access on the dynamoDB locks
|
|
Action = [
|
|
"dynamodb:DeleteItem",
|
|
"dynamodb:GetItem",
|
|
"dynamodb:PutItem",
|
|
]
|
|
Effect = "Allow"
|
|
Resource = format(
|
|
"arn:aws:dynamodb:eu-west-3:*:table/tofu-states",
|
|
)
|
|
},
|
|
],
|
|
jsondecode(var.core_policy_statements),
|
|
))
|
|
}
|
|
|
|
module "aws_iam_role_test" {
|
|
providers = { aws = aws.tests }
|
|
source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-role?depth=1&ref=1.0.0"
|
|
|
|
name = var.name
|
|
policy_statements = var.tests_policy_statements
|
|
}
|
|
|
|
module "aws_iam_user" {
|
|
providers = { aws = aws.root }
|
|
source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-user?depth=1&ref=1.0.0"
|
|
|
|
assume_role_account_names = ["core", "tests"]
|
|
name = var.name
|
|
}
|