# --------------------------------
# IAM Role for SageMaker
# Role that the SageMaker service can assume. The trust policy below allows
# only the sagemaker.amazonaws.com service principal to call sts:AssumeRole;
# what the role may do is decided by the policies attached to it.
# NOTE(review): the statement carries no Condition block. Consider adding
# aws:SourceAccount / aws:SourceArn conditions so the role can only be assumed
# on behalf of resources in this account (confused-deputy protection).
# The heredoc body is whitespace-sensitive and is left exactly as written.
resource "aws_iam_role" "sagemaker-role" {
name = "sagemaker-role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
# Attaches the AWS-managed AmazonSageMakerFullAccess policy to the SageMaker role.
# NOTE(review): this is a broad managed policy; everything running under the
# role (notebooks, training jobs, endpoints) inherits it. For anything beyond a
# sandbox, prefer a customer-managed policy scoped to the buckets and actions
# the workloads actually need.
resource "aws_iam_role_policy_attachment" "sagemaker-role-attachment" {
  role       = "${aws_iam_role.sagemaker-role.name}"
  policy_arn = "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess"
}
# --------------------------------
# IAM Group for SageMaker
# Group that carries the permissions for the human SageMaker users; the
# policy attachments and the membership resource in this file reference it by name.
resource "aws_iam_group" "sagemaker-group" {
  name = "sagemaker-group"
}
# Gives every group member the AWS-managed AmazonSageMakerFullAccess policy.
# NOTE(review): the same broad policy is attached to the service role, so users
# and the workloads they launch end up with equivalent SageMaker permissions.
resource "aws_iam_group_policy_attachment" "sagemaker-group-attachment-AmazonSageMakerFullAccess" {
  group      = "${aws_iam_group.sagemaker-group.name}"
  policy_arn = "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess"
}
# Gives every group member the AWS-managed AmazonEC2FullAccess policy.
# NOTE(review): this grants full control over EC2 in the account, not just over
# resources related to SageMaker. Confirm it is really required; if only a few
# EC2 read or networking actions are needed, replace it with a scoped
# customer-managed policy.
resource "aws_iam_group_policy_attachment" "sagemaker-group-attachment-AmazonEC2FullAccess" {
  group      = "${aws_iam_group.sagemaker-group.name}"
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
}
# Gives every group member the AWS-managed IAMReadOnlyAccess policy.
# This lets members read IAM configuration account-wide (users, groups, roles,
# policies); it does not let them change it.
resource "aws_iam_group_policy_attachment" "sagemaker-group-attachment-IAMReadOnlyAccess" {
  group      = "${aws_iam_group.sagemaker-group.name}"
  policy_arn = "arn:aws:iam::aws:policy/IAMReadOnlyAccess"
}
# Gives every group member the AWS-managed IAMUserChangePassword policy so they
# can replace the generated console password created by the login profile.
resource "aws_iam_group_policy_attachment" "sagemaker-group-attachment-IAMUserChangePassword" {
  group      = "${aws_iam_group.sagemaker-group.name}"
  policy_arn = "arn:aws:iam::aws:policy/IAMUserChangePassword"
}
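# Puts every SageMaker user into sagemaker-group.
# The user list is taken from the aws_iam_user resources instead of directly
# from var.sagemaker_users: the names are the same, but referencing the
# resources gives Terraform an explicit dependency, so the membership is only
# applied after the users exist (and is removed before they are destroyed).
# aws_iam_group_membership manages the group's member list exclusively; do not
# combine it with another membership resource for the same group.
resource "aws_iam_group_membership" "sagemaker-group-membership" {
  name  = "sagemaker-group-membership"
  group = "${aws_iam_group.sagemaker-group.name}"
  users = "${aws_iam_user.sagemaker-users.*.name}"
}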
# --------------------------------
# IAM Users for SageMaker
# One IAM user per entry in var.sagemaker_users.
resource "aws_iam_user" "sagemaker-users" {
  count = "${length(var.sagemaker_users)}"
  name  = "${var.sagemaker_users[count.index]}"

  # force_destroy lets `terraform destroy` delete a user even if it still has
  # access keys, a login profile or MFA devices that Terraform does not manage.
  # NOTE(review): convenient for throwaway environments; for long-lived
  # accounts it can silently remove credentials that were created out of band.
  force_destroy = true
}
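# Console login profile (generated password) for each SageMaker user.
resource "aws_iam_user_login_profile" "sagemaker-users" {
  count = "${length(var.sagemaker_users)}"

  # Reference the aws_iam_user resource rather than the raw variable so that
  # Terraform creates the user before it tries to create the login profile.
  user = "${element(aws_iam_user.sagemaker-users.*.name, count.index)}"

  # Public key used to encrypt the generated password. The path is resolved
  # relative to the directory Terraform is run from. The same key is used for
  # every user, so whoever holds the matching private key can decrypt all
  # initial passwords.
  pgp_key = "${file("foo.gpg.base64")}"

  # Force a password change at first sign-in, so the operator who decrypts and
  # hands out the initial password does not keep a working credential. Set
  # explicitly because the default is not the same across AWS provider versions.
  password_reset_required = true
}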
# Initial console passwords, one per user, in the order of var.sagemaker_users.
# Each value is encrypted with the PGP key given to the login profile and must
# be decrypted with the matching private key before it is handed to the user.
# Only the ciphertext appears here and in the Terraform state.
output "sagemaker-user-passwords" {
  value = ["${aws_iam_user_login_profile.sagemaker-users.*.encrypted_password}"]
}
Terraform for Amazon SageMaker