diff --git a/modules/security_identity_compliance/rackspace-role/main.tf b/modules/security_identity_compliance/rackspace-role/main.tf
deleted file mode 100644
index dee40fc..0000000
--- a/modules/security_identity_compliance/rackspace-role/main.tf
+++ /dev/null
@@ -1,108 +0,0 @@
-data aws_caller_identity this {}
-
-data aws_iam_policy_document assume-role-policy {
- statement {
- sid = "RackspaceRoleTrustPolicy"
- effect = "Allow"
- actions = ["sts:AssumeRole"]
- principals {
- identifiers = ["507897595701"]
- type = "AWS"
- }
-
- condition {
- test = "StringEquals"
- values = [var.rackspace-role-external-id]
- variable = "sts:ExternalId"
- }
-
- // IP addresses from 210218-ord-0000704
- condition {
- test = "IpAddress"
- values = [
- "103.251.196.229/32",
- "104.130.34.10/31",
- "108.166.30.184/29",
- "119.9.33.76/31",
- "119.9.34.76/32",
- "119.9.63.37/31",
- "120.136.32.96/28",
- "161.47.149.40/31",
- "173.203.4.160/29",
- "180.150.145.101/32",
- "184.106.36.113/32",
- "198.247.174.254/32",
- "198.54.240.38/31",
- "202.168.209.40/32",
- "202.168.209.55/31",
- "206.188.29.84/30",
- "212.100.225.41/32",
- "212.64.133.101/31",
- "212.64.133.96/29",
- "216.252.194.205/32",
- "217.72.240.100/32",
- "217.72.241.224/27",
- "217.72.241.40/30",
- "4.15.234.50/30",
- "50.56.228.101/31",
- "50.56.228.64/26",
- "50.56.229.0/24",
- "50.56.230.0/26",
- "50.56.230.140/32",
- "50.56.230.87/31",
- "52.10.115.132/32",
- "52.40.141.99/32",
- "63.131.143.173/32",
- "64.106.130.93/32",
- "64.106.131.0/27",
- "64.106.131.248/29",
- "64.27.120.64/28",
- "66.151.187.234/31",
- "66.70.118.224/27",
- "66.70.123.0/26",
- "66.70.65.182/32",
- "69.20.46.238/31",
- "72.3.128.198/32",
- "72.3.161.16/28",
- "72.32.180.176/29",
- "72.36.238.244/32",
- "72.4.120.192/28",
- "78.136.22.232/32",
- "78.136.22.238/31",
- "83.138.138.214/32",
- "85.133.14.26/31",
- "85.133.30.136/30",
- "89.234.23.52/32",
- "92.52.76.135/32",
- "92.52.76.140/32",
- "94.236.3.80/29",
- "94.236.7.176/28"
- ]
- variable = "aws:SourceIp"
- }
-
- }
-}
-
-resource aws_iam_role rackspace-role {
- name = "Rackspace"
- description = "Read access for Rackspace role"
- tags = var.default-tags
- assume_role_policy = data.aws_iam_policy_document.assume-role-policy.json
- max_session_duration = 7200
-}
-
-# Attach managed policies
-locals {
- managed_policies = [
- "arn:aws:iam::aws:policy/SecurityAudit",
- "arn:aws:iam::aws:policy/job-function/SupportUser",
- "arn:aws:iam::aws:policy/ReadOnlyAccess"
- ]
-}
-
-resource "aws_iam_role_policy_attachment" "attach-managed-policies" {
- count = length(local.managed_policies)
- role = aws_iam_role.rackspace-role.name
- policy_arn = local.managed_policies[count.index]
-}
\ No newline at end of file
diff --git a/modules/security_identity_compliance/rackspace-role/variables.tf b/modules/security_identity_compliance/rackspace-role/variables.tf
deleted file mode 100644
index 6174de0..0000000
--- a/modules/security_identity_compliance/rackspace-role/variables.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-variable default-tags {}
-variable rackspace-role-external-id {}
\ No newline at end of file