Skip to content

Instantly share code, notes, and snippets.

@KyMidd

KyMidd/iam_implicit_policy.tf

Created August 24, 2019 18:26
Show Gist options
  • Save KyMidd/153b7c5016c331a0267f8b20b1f320aa to your computer and use it in GitHub Desktop.
Save KyMidd/153b7c5016c331a0267f8b20b1f320aa to your computer and use it in GitHub Desktop.
Download ZIP
Raw
iam_implicit_policy.tf
# Create IAM policy to give implicit role permission to assume broad IAM Role
resource "aws_iam_policy" "ado_iam_role_permit_sts_assume" {
name = "AzureDevOpsPolicyPermitStsAssume"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "${aws_iam_role.ado_iam_assumed_role.arn}"
}
]
}
EOF
lifecycle {
prevent_destroy = true
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment