tykayn/ng-implementation
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ng-implementation/iam.tf
LEMOINE Baptiste - EXT-SAVANE CONSULTING GROUP (SAFRAN AIRCRAFT ENGINES) e31fdc2c02 up structure for tf
2025-09-19 10:09:31 +02:00

83 lines
No EOL
3.6 KiB
HCL
Raw Blame History

# Lambda Execution Role
resource "aws_iam_role_policy_attachment" "lambda_execution_role_policy_attachement_1" {
role = data.aws_ssm_parameter.lambda_role_name.value
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}
resource "aws_iam_policy" "lambda_execution_role_policy" {
name = "${local.name_prefix}-lambda-execution-role-policy"
description = "A custom policy for Lambda to access ECR backend repository"
policy = data.aws_iam_policy_document.lambda_execution_role_policy.json
tags = merge(local.required_tags, var.tags)
}
resource "aws_iam_role_policy_attachment" "lambda_role_policy_attachement_2" {
role = data.aws_ssm_parameter.lambda_role_name.value
policy_arn = aws_iam_policy.lambda_execution_role_policy.arn
}
# Api Gateway Execution Role
resource "aws_iam_role" "api_gateway_execution_role" {
name = "${local.name_prefix}-api-gateway-execution-role"
assume_role_policy = data.aws_iam_policy_document.api_gateway_execution_assume_role_policy.json
tags = merge(local.required_tags)
}
resource "aws_iam_policy" "api_gateway_execution_role_policy" {
name = "${local.name_prefix}-api_gateway_execution-role-policy"
description = "A custom policy for Api Gateway executions"
policy = data.aws_iam_policy_document.api_gateway_execution_role_policy.json
tags = merge(local.required_tags, var.tags)
}
resource "aws_iam_role_policy_attachment" "api_gateway_execution_role_policy_attachement_1" {
role = aws_iam_role.api_gateway_execution_role.name
policy_arn = aws_iam_policy.api_gateway_execution_role_policy.arn
}
# Api Gateway Cloudwatch Role
resource "aws_iam_role" "api_gateway_cloudwatch_role" {
name = "${local.name_prefix}-api-gateway-cloudwatch-role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "apigateway.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
tags = merge(local.required_tags)
}
resource "aws_iam_role_policy" "api_gateway_cloudwatch_role_policy" {
name = "${local.name_prefix}-cloudwatch-policy"
role = aws_iam_role.api_gateway_cloudwatch_role.id
policy = data.aws_iam_policy_document.cloudwatch.json
}
# Frontend ECS role policy
resource "aws_iam_policy" "frontend_ecs_task_role_policy" {
name = "${local.name_prefix}-frontend_ecs_task_role-policy"
description = "A custom policy ecs_task_role_frontend"
policy = data.aws_iam_policy_document.frontend_ecs_task_role_policy.json
tags = merge(local.required_tags, var.tags)
}
resource "aws_iam_role_policy_attachment" "frontend_ecs_task_role_policy_attachement_1" {
role = data.aws_ssm_parameter.ecs_task_role_frontend_name.value
policy_arn = aws_iam_policy.frontend_ecs_task_role_policy.arn
}
# Adding rights to devops roles
# resource "aws_iam_policy" "sagemaker_for_devops_roles_policy" {
# name = "${local.name_prefix}-sagemaker-for-devops-roles-policy"
# description = "A custom sagemaker_for_devops_roles_policy"
# policy = data.aws_iam_policy_document.sagemaker_for_devops_roles_document.json
# tags = merge(local.required_tags, var.tags)
# }
# resource "aws_iam_role_policy_attachment" "sagemaker_for_devops_roles_policy_attach_1" {
# for_each = toset(data.aws_iam_roles.devops_roles.names)
# role = each.value
# policy_arn = aws_iam_policy.sagemaker_for_devops_roles_policy.arn
# }
Reference in a new issue View git blame Copy permalink