@NYARAS
Last active January 31, 2023 13:03
Gitlab OIDC IAM policy
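locals {
  # Bucket the GitLab CI role is allowed to access
  bucket_name = "oidc-test-bucket"
}

# Inline policy on the GitLab CI role; aws_iam_role.gitlab_ci is defined outside this snippet
resource "aws_iam_role_policy" "gitlab_ci" {
  name = "s3"
  role = aws_iam_role.gitlab_ci.name

  # Object-level actions apply to keys in the bucket ("/*");
  # s3:ListBucket applies to the bucket ARN itself.
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::${local.bucket_name}/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::${local.bucket_name}"
    }
  ]
}
EOF
}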