echohack/iam_role_example.tf

## iam_role_example.tf

resource "aws_iam_role" "my_team" {
  name = "${var.aws_iam_role}"

  assume_role_policy = <<EOF
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Action":"sts:AssumeRole",
         "Principal":{
            "Service":"ec2.amazonaws.com"
         },
         "Effect":"Allow"
      }
   ]
}
EOF
}

resource "aws_iam_instance_profile" "my_team" {
  name = "${var.instance_profile}"
  role = "${aws_iam_role.my_team.name}"
}

resource "aws_iam_role_policy" "my_team" {
  name = "my_team"
  role = "${aws_iam_role.my_team.id}"

  policy = <<EOF
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
              "s3:Get*",
              "s3:List*"
         ],
         "Resource": [
            "arn:aws:s3:::${var.s3_bucket}",
            "arn:aws:s3:::${var.s3_bucket}/*"
         ]
      }
   ]
}
EOF
}

	resource "aws_iam_role" "my_team" {
	name = "${var.aws_iam_role}"

	assume_role_policy = <<EOF
	{
	"Version":"2012-10-17",
	"Statement":[
	{
	"Action":"sts:AssumeRole",
	"Principal":{
	"Service":"ec2.amazonaws.com"
	},
	"Effect":"Allow"
	}
	]
	}
	EOF
	}

	resource "aws_iam_instance_profile" "my_team" {
	name = "${var.instance_profile}"
	role = "${aws_iam_role.my_team.name}"
	}

	resource "aws_iam_role_policy" "my_team" {
	name = "my_team"
	role = "${aws_iam_role.my_team.id}"

	policy = <<EOF
	{
	"Version":"2012-10-17",
	"Statement":[
	{
	"Effect":"Allow",
	"Action":[
	"s3:Get*",
	"s3:List*"
	],
	"Resource": [
	"arn:aws:s3:::${var.s3_bucket}",
	"arn:aws:s3:::${var.s3_bucket}/*"
	]
	}
	]
	}
	EOF
	}