DEL: removed rs stuff
parent
be755a4b8d
commit
ecb3b246cd
@ -1,108 +0,0 @@
|
|||||||
data aws_caller_identity this {}
|
|
||||||
|
|
||||||
data aws_iam_policy_document assume-role-policy {
|
|
||||||
statement {
|
|
||||||
sid = "RackspaceRoleTrustPolicy"
|
|
||||||
effect = "Allow"
|
|
||||||
actions = ["sts:AssumeRole"]
|
|
||||||
principals {
|
|
||||||
identifiers = ["507897595701"]
|
|
||||||
type = "AWS"
|
|
||||||
}
|
|
||||||
|
|
||||||
condition {
|
|
||||||
test = "StringEquals"
|
|
||||||
values = [var.rackspace-role-external-id]
|
|
||||||
variable = "sts:ExternalId"
|
|
||||||
}
|
|
||||||
|
|
||||||
// IP addresses from 210218-ord-0000704
|
|
||||||
condition {
|
|
||||||
test = "IpAddress"
|
|
||||||
values = [
|
|
||||||
"103.251.196.229/32",
|
|
||||||
"104.130.34.10/31",
|
|
||||||
"108.166.30.184/29",
|
|
||||||
"119.9.33.76/31",
|
|
||||||
"119.9.34.76/32",
|
|
||||||
"119.9.63.37/31",
|
|
||||||
"120.136.32.96/28",
|
|
||||||
"161.47.149.40/31",
|
|
||||||
"173.203.4.160/29",
|
|
||||||
"180.150.145.101/32",
|
|
||||||
"184.106.36.113/32",
|
|
||||||
"198.247.174.254/32",
|
|
||||||
"198.54.240.38/31",
|
|
||||||
"202.168.209.40/32",
|
|
||||||
"202.168.209.55/31",
|
|
||||||
"206.188.29.84/30",
|
|
||||||
"212.100.225.41/32",
|
|
||||||
"212.64.133.101/31",
|
|
||||||
"212.64.133.96/29",
|
|
||||||
"216.252.194.205/32",
|
|
||||||
"217.72.240.100/32",
|
|
||||||
"217.72.241.224/27",
|
|
||||||
"217.72.241.40/30",
|
|
||||||
"4.15.234.50/30",
|
|
||||||
"50.56.228.101/31",
|
|
||||||
"50.56.228.64/26",
|
|
||||||
"50.56.229.0/24",
|
|
||||||
"50.56.230.0/26",
|
|
||||||
"50.56.230.140/32",
|
|
||||||
"50.56.230.87/31",
|
|
||||||
"52.10.115.132/32",
|
|
||||||
"52.40.141.99/32",
|
|
||||||
"63.131.143.173/32",
|
|
||||||
"64.106.130.93/32",
|
|
||||||
"64.106.131.0/27",
|
|
||||||
"64.106.131.248/29",
|
|
||||||
"64.27.120.64/28",
|
|
||||||
"66.151.187.234/31",
|
|
||||||
"66.70.118.224/27",
|
|
||||||
"66.70.123.0/26",
|
|
||||||
"66.70.65.182/32",
|
|
||||||
"69.20.46.238/31",
|
|
||||||
"72.3.128.198/32",
|
|
||||||
"72.3.161.16/28",
|
|
||||||
"72.32.180.176/29",
|
|
||||||
"72.36.238.244/32",
|
|
||||||
"72.4.120.192/28",
|
|
||||||
"78.136.22.232/32",
|
|
||||||
"78.136.22.238/31",
|
|
||||||
"83.138.138.214/32",
|
|
||||||
"85.133.14.26/31",
|
|
||||||
"85.133.30.136/30",
|
|
||||||
"89.234.23.52/32",
|
|
||||||
"92.52.76.135/32",
|
|
||||||
"92.52.76.140/32",
|
|
||||||
"94.236.3.80/29",
|
|
||||||
"94.236.7.176/28"
|
|
||||||
]
|
|
||||||
variable = "aws:SourceIp"
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource aws_iam_role rackspace-role {
|
|
||||||
name = "Rackspace"
|
|
||||||
description = "Read access for Rackspace role"
|
|
||||||
tags = var.default-tags
|
|
||||||
assume_role_policy = data.aws_iam_policy_document.assume-role-policy.json
|
|
||||||
max_session_duration = 7200
|
|
||||||
}
|
|
||||||
|
|
||||||
# Attach managed policies
|
|
||||||
locals {
|
|
||||||
managed_policies = [
|
|
||||||
"arn:aws:iam::aws:policy/SecurityAudit",
|
|
||||||
"arn:aws:iam::aws:policy/job-function/SupportUser",
|
|
||||||
"arn:aws:iam::aws:policy/ReadOnlyAccess"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_iam_role_policy_attachment" "attach-managed-policies" {
|
|
||||||
count = length(local.managed_policies)
|
|
||||||
role = aws_iam_role.rackspace-role.name
|
|
||||||
policy_arn = local.managed_policies[count.index]
|
|
||||||
}
|
|
@ -1,2 +0,0 @@
|
|||||||
variable default-tags {}
|
|
||||||
variable rackspace-role-external-id {}
|
|