@RoyLDD
Last active December 15, 2019 14:39
Assume role terraform
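# AWS provider (the account your IAM users and groups live in)
provider "aws" {
  version = "~> 2.0"
  region  = "<AWS_REGION>"
}

# Assume role policy: allows sts:AssumeRole on exactly one role ARN in
# <AWS_ACCOUNT_2>. The role's trust policy in <AWS_ACCOUNT_2> must also
# allow this account as a principal, otherwise the call is denied.
resource "aws_iam_policy" "assume-role-<ROLE_NAME>" {
  name        = "Assume-Role-<ROLE_NAME>"
  description = "Allow assuming <ROLE_NAME> role on <AWS_ACCOUNT_2> account"

  policy = <<EOP
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole"
      ],
      "Resource": "arn:aws:iam::<AWS_ACCOUNT_2>:role/<ROLE_NAME>"
    }
  ]
}
EOP
}

# Attach the policy to the group your user is in.
# aws_iam_group.groups is not defined in this snippet; it is assumed to be
# declared elsewhere in the configuration and keyed by role name.
resource "aws_iam_group_policy_attachment" "assume-role-<ROLE_NAME>" {
  group      = aws_iam_group.groups["<ROLE_NAME>"].name
  policy_arn = aws_iam_policy.assume-role-<ROLE_NAME>.arn
}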