34 lines
820 B
HCL
34 lines
820 B
HCL
resource "aws_iam_instance_profile" "this" {
|
|
count = var.create-instance-profile ? 1 : 0
|
|
name = "${var.role-name}-profile"
|
|
role = aws_iam_role.this.name
|
|
path = var.path
|
|
}
|
|
|
|
resource "aws_iam_role" "this" {
|
|
name = var.role-name
|
|
description = var.description
|
|
assume_role_policy = jsonencode(
|
|
{
|
|
"Version" : "2012-10-17",
|
|
"Statement" : [
|
|
{
|
|
"Effect" : "Allow",
|
|
"Principal" : {
|
|
"Service" : [
|
|
var.trusted-entity
|
|
]
|
|
},
|
|
"Action" : "sts:AssumeRole"
|
|
}
|
|
]
|
|
}
|
|
)
|
|
managed_policy_arns = var.managed-policy-arns
|
|
force_detach_policies = true
|
|
path = var.path
|
|
inline_policy {
|
|
name = var.inline-policy-name
|
|
policy = var.inline-policy
|
|
}
|
|
} |