Example: Terraform IAM Role for EC2 — three files concatenated below: the trust policy (assume-role-policy.json), the Terraform resources (role, policy, instance profile, instance and security group), and the read-only S3 permissions policy (policy-s3-bucket.json).
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
# IAM role the EC2 instance will assume. The trust (assume-role) policy is
# read verbatim from assume-role-policy.json next to this configuration.
resource "aws_iam_role" "test" {
  assume_role_policy = "${file("assume-role-policy.json")}"
  name               = "test-role"
}
# Customer-managed policy whose document is loaded from policy-s3-bucket.json
# (the S3 list/get permissions for one bucket).
resource "aws_iam_policy" "policy" {
  policy      = "${file("policy-s3-bucket.json")}"
  description = "A test policy"
  name        = "test-policy"
}
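# Attach the S3 policy to the role.
#
# aws_iam_role_policy_attachment is used instead of aws_iam_policy_attachment:
# the latter is *exclusive* -- on every apply it detaches the policy from any
# role, user or group not listed in its block, which silently breaks other
# principals that share the same policy. The role-scoped attachment only
# manages this one role/policy pair.
resource "aws_iam_role_policy_attachment" "test-attach" {
  role       = "${aws_iam_role.test.name}"
  policy_arn = "${aws_iam_policy.policy.arn}"
}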
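# Instance profile that hands the role's credentials to the EC2 instance via
# the instance metadata service.
resource "aws_iam_instance_profile" "test_profile" {
  name = "test_profile"

  # `roles` (a list) was deprecated in favour of `role` and removed in AWS
  # provider 3.0; an instance profile can only ever hold a single role.
  role = "${aws_iam_role.test.name}"
}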
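# The EC2 instance that runs with the S3 read-only role attached.
resource "aws_instance" "main" {
  # NOTE(review): AMI IDs are region-specific and this one is hard-coded; it
  # only resolves in the region it was published in. A data "aws_ami" lookup
  # (filtered by owner/name) is the portable alternative.
  ami           = "ami-9a562df2"
  instance_type = "t2.small"

  # Because an IAM role is attached, the metadata service on this instance
  # serves live AWS credentials. Requiring IMDSv2 (session tokens) means an
  # SSRF or similar bug in software on the box cannot read them with a single
  # unauthenticated GET to 169.254.169.254. Needs AWS provider >= 2.61.
  metadata_options {
    http_tokens = "required"
  }

  iam_instance_profile   = "${aws_iam_instance_profile.test_profile.name}"
  vpc_security_group_ids = ["${aws_security_group.main.id}"]

  # No key_name is set, so no SSH key is injected at launch; the SSH ingress
  # rule below is only reachable if the AMI already ships credentials.
}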
# Security group for the instance. No vpc_id is given, so it is created in the
# account's default VPC; its rules are declared as separate
# aws_security_group_rule resources below.
resource "aws_security_group" "main" {
  description = "ssh"
  name        = "ssh"
}
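# Source CIDRs allowed to reach SSH on the instance.
#
# The default keeps this example's original behaviour (port 22 open to the
# whole Internet) so existing runs are unchanged, but that is not acceptable
# for anything real: override it with your office/VPN ranges or a bastion's
# address, e.g. `-var 'ssh_allowed_cidrs=["203.0.113.0/24"]'`.
variable "ssh_allowed_cidrs" {
  type        = "list"
  description = "CIDR blocks allowed to connect to TCP port 22 on the instance"
  default     = ["0.0.0.0/0"]
}

# Inbound SSH. Restricting the source CIDR is the only network control on this
# host, since the security group has no other ingress rules.
resource "aws_security_group_rule" "ssh" {
  security_group_id = "${aws_security_group.main.id}"
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = "${var.ssh_allowed_cidrs}"
}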
# Outbound: all protocols (-1) to anywhere; ports are ignored for protocol -1.
# This mirrors the default egress rule AWS creates for a new security group,
# which Terraform-managed groups otherwise lack. Tighten it if the instance
# only needs to reach S3 / package mirrors.
resource "aws_security_group_rule" "egress" {
  type              = "egress"
  security_group_id = "${aws_security_group.main.id}"
  cidr_blocks       = ["0.0.0.0/0"]
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
}
# Public IPv4 address of the instance (empty if the launch subnet did not
# assign one).
output "ip" {
  value = "${aws_instance.main.public_ip}"
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::<bucketname>"]
},
{
"Effect": "Allow",
"Action": ["s3:GetObject"],
"Resource": ["arn:aws:s3:::<bucketname>/*"]
}
]
}