RoyLDD/.tf

## .tf
# AWS provider
provider "aws" {
  version = "~> 2.0"
  region  = "<AWS_REGION>"
}

# Assume role policy
resource "aws_iam_policy" "assume-role-<ROLE_NAME>" {
  name        = "Assume-Role-<ROLE_NAME>"
  description = "Allow assuming <ROLE_NAME> role on <AWS_ACCOUNT_2> account"
  policy      = <<EOP
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole"
      ],
      "Resource": "arn:aws:iam::<AWS_ACCOUNT_2>:role/<ROLE_NAME>"
    }
  ]
}
EOP
}

# Attach the policy to the group your user is in
resource "aws_iam_group_policy_attachment" "assume-role-<ROLE_NAME>" {
  group      = "${aws_iam_group.groups["<ROLE_NAME>"].name}"
  policy_arn = "${aws_iam_policy.assume-role-<ROLE_NAME>.arn}"
}
	# AWS provider
	provider "aws" {
	version = "~> 2.0"
	region = "<AWS_REGION>"
	}

	# Assume role policy
	resource "aws_iam_policy" "assume-role-<ROLE_NAME>" {
	name = "Assume-Role-<ROLE_NAME>"
	description = "Allow assuming <ROLE_NAME> role on <AWS_ACCOUNT_2> account"
	policy = <<EOP
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": [
	"sts:AssumeRole"
	],
	"Resource": "arn:aws:iam::<AWS_ACCOUNT_2>:role/<ROLE_NAME>"
	}
	]
	}
	EOP
	}

	# Attach the policy to the group your user is in
	resource "aws_iam_group_policy_attachment" "assume-role-<ROLE_NAME>" {
	group = "${aws_iam_group.groups["<ROLE_NAME>"].name}"
	policy_arn = "${aws_iam_policy.assume-role-<ROLE_NAME>.arn}"
	}