Gunisalvo/week_06.tf

## week_06.tf
variable "student_name" {
  default = "<STUDENT NAME>" # fixme!
}

variable "region" {
  default = "us-east-2"
}

provider "aws" {
  region = "${var.region}"
}

resource "aws_iam_group" "uol_iam_group" {
  name = "Group_CIT523_${var.student_name}"
  path = "/"
}

resource "aws_iam_user" "uol_iam_user" {
  name = "User_CIT523_${var.student_name}"
}

resource "aws_iam_role" "uol_iam_role" {
  name = "Role_CIT523_${var.student_name}"
  path = "/"
  assume_role_policy = <<EOF
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {"Service": "ec2.amazonaws.com"},
      "Action": "sts:AssumeRole"
    },
    {
      "Effect": "Allow",
      "Principal": {"Service": "s3.amazonaws.com"},
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

resource "aws_iam_policy" "uol_iam_policy" {
  name        = "Rolicy_CIT523_${var.student_name}"
  description = "UoL Policy"
  policy      =  <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

resource "aws_iam_policy_attachment" "uol_iam_role_attach" {
  name       = "ROLE_POLICY_CIT523_${var.student_name}"
  roles      = ["${aws_iam_role.uol_iam_role.name}"]
  groups     = ["${aws_iam_group.uol_iam_group.name}"]
  policy_arn = "${aws_iam_policy.uol_iam_policy.arn}"
}

resource "aws_iam_group_membership" "uol_iam_user_attachment" {
  name = "GROUP_MEMBERSHIP_CIT523_${var.student_name}"
  users = ["${aws_iam_user.uol_iam_user.name}"]
  group = "${aws_iam_group.uol_iam_group.name}"
}

resource "aws_iam_instance_profile" "uol_ec2_profile" {
  name = "S3Obj_CIT523_${var.student_name}"
  role = "${aws_iam_role.uol_ec2_role.name}"
}

resource "aws_iam_role" "uol_ec2_role" {
  name = "ROLE_S3Obj_CIT523_${var.student_name}"
  path = "/"

  assume_role_policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "sts:AssumeRole",
            "Principal": {
               "Service": "s3.amazonaws.com"
            },
            "Effect": "Allow",
            "Sid": ""
        }
    ]
}
EOF
}
	variable "student_name" {
	default = "<STUDENT NAME>" # fixme!
	}

	variable "region" {
	default = "us-east-2"
	}

	provider "aws" {
	region = "${var.region}"
	}

	resource "aws_iam_group" "uol_iam_group" {
	name = "Group_CIT523_${var.student_name}"
	path = "/"
	}

	resource "aws_iam_user" "uol_iam_user" {
	name = "User_CIT523_${var.student_name}"
	}

	resource "aws_iam_role" "uol_iam_role" {
	name = "Role_CIT523_${var.student_name}"
	path = "/"
	assume_role_policy = <<EOF
	{
	"Statement": [
	{
	"Effect": "Allow",
	"Principal": {"Service": "ec2.amazonaws.com"},
	"Action": "sts:AssumeRole"
	},
	{
	"Effect": "Allow",
	"Principal": {"Service": "s3.amazonaws.com"},
	"Action": "sts:AssumeRole"
	}
	]
	}
	EOF
	}

	resource "aws_iam_policy" "uol_iam_policy" {
	name = "Rolicy_CIT523_${var.student_name}"
	description = "UoL Policy"
	policy = <<EOF
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Action": [
	"ec2:*"
	],
	"Effect": "Allow",
	"Resource": "*"
	},
	{
	"Action": [
	"s3:*"
	],
	"Effect": "Allow",
	"Resource": "*"
	}
	]
	}
	EOF
	}

	resource "aws_iam_policy_attachment" "uol_iam_role_attach" {
	name = "ROLE_POLICY_CIT523_${var.student_name}"
	roles = ["${aws_iam_role.uol_iam_role.name}"]
	groups = ["${aws_iam_group.uol_iam_group.name}"]
	policy_arn = "${aws_iam_policy.uol_iam_policy.arn}"
	}

	resource "aws_iam_group_membership" "uol_iam_user_attachment" {
	name = "GROUP_MEMBERSHIP_CIT523_${var.student_name}"
	users = ["${aws_iam_user.uol_iam_user.name}"]
	group = "${aws_iam_group.uol_iam_group.name}"
	}

	resource "aws_iam_instance_profile" "uol_ec2_profile" {
	name = "S3Obj_CIT523_${var.student_name}"
	role = "${aws_iam_role.uol_ec2_role.name}"
	}

	resource "aws_iam_role" "uol_ec2_role" {
	name = "ROLE_S3Obj_CIT523_${var.student_name}"
	path = "/"

	assume_role_policy = <<EOF
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Action": "sts:AssumeRole",
	"Principal": {
	"Service": "s3.amazonaws.com"
	},
	"Effect": "Allow",
	"Sid": ""
	}
	]
	}
	EOF
	}