Merge pull request #23 from telia-oss/tag-iam-role
Tag iam role and fix instance_policy
Kristian authored Jul 31, 2019
2 parents ecd8fe7 + 959a173 commit 140bc61
Showing 2 changed files with 17 additions and 19 deletions.
12 changes: 11 additions & 1 deletion main.tf
@@ -4,6 +4,7 @@
resource "aws_iam_role" "main" {
name = "${var.name_prefix}-role"
assume_role_policy = data.aws_iam_policy_document.main.json
tags = merge(var.tags, { "Name" = "${var.name_prefix}-role" })
}

data "aws_iam_policy_document" "main" {
@@ -26,7 +27,16 @@ resource "aws_iam_instance_profile" "main" {
resource "aws_iam_role_policy" "main" {
name = "${var.name_prefix}-permissions"
role = aws_iam_role.main.id
policy = var.instance_policy
policy = coalesce(var.instance_policy, data.aws_iam_policy_document.placeholder.json)
}

data "aws_iam_policy_document" "placeholder" {
statement {
sid = "placeholder"
effect = "Deny"
not_actions = ["*"]
not_resources = ["*"]
}
}

resource "aws_security_group" "main" {
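Review bot: The `placeholder` data source in the second hunk has no comment saying that its statement is a deliberate no-op: `Deny` combined with `not_actions = ["*"]` and `not_resources = ["*"]` matches no action and no resource, so it neither grants nor denies anything and only keeps `aws_iam_role_policy.main` supplied with a valid document when no policy is passed in. I would add above it `# No-op statement (matches nothing); attached only when var.instance_policy is empty.` so a later reader does not mistake it for a deny-all guard or widen it by editing one of the two `not_*` lists. The fallback depends on `coalesce` skipping the empty-string default, so any non-empty value of `var.instance_policy` is attached to the role verbatim and a malformed one would presumably only be rejected at apply time. `data "aws_iam_policy_document" "main"` and `aws_security_group.main` begin at the hunk edges and continue outside them.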
24 changes: 6 additions & 18 deletions variables.tf
@@ -33,6 +33,12 @@ variable "instance_ami" {
type = string
}

variable "instance_policy" {
description = "A policy document to apply to the instance profile."
type = string
default = ""
}

variable "instance_key" {
description = "The key name that should be used for the instance."
type = string
@@ -87,21 +93,3 @@ variable "tags" {
default = {}
}

variable "instance_policy" {
description = "A policy document to apply to the instance profile."
type = string
default = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "placeholder",
"Effect": "Deny",
"NotAction": "*",
"NotResource": "*"
}
]
}
EOF
}
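Review bot: The `description` of `instance_policy` in the first hunk no longer tells callers what the variable does now that its default is `""`: nothing says that an empty value results in a no-op placeholder policy being attached, or that the string must be an IAM policy JSON document. I would change it to `description = "IAM policy document (JSON) for the instance role. If empty, a no-op placeholder policy is attached."`. Because main.tf passes any non-empty value straight into the role's inline policy, the description is also the natural place to ask callers to scope the document to the actions and resources the instance actually needs.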
