sbrinkmeyer/policy_roles.tf

## policy_roles.tf

data "aws_iam_policy_document" "build_agent_role_policy" {
  statement {
    sid="TrustPolicyToAllowEC2AssumeRoleAction"
    effect="Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type = "Service"
      identifiers = [
        "ec2.amazonaws.com"
      ]
    }
  }
}

resource "aws_iam_instance_profile" "build_agent_profile" {
    name = "${var.customer_name}BuildAgentInstanceProfile"
    role = "${aws_iam_role.build_agent_role.name}"
}

resource "aws_iam_role" "build_agent_role" {
    name = "${var.customer_name}BuildAgentRole"
    path = "/"
    assume_role_policy = "${data.aws_iam_policy_document.build_agent_role_policy.json}"
}

resource "aws_iam_role_policy_attachment" "build_agent_policy_attach" {
    role = "${aws_iam_role.build_agent_role.name}"
    policy_arn = "${aws_iam_policy.build_agent_policy.arn}"
}

	data "aws_iam_policy_document" "build_agent_role_policy" {
	statement {
	sid="TrustPolicyToAllowEC2AssumeRoleAction"
	effect="Allow"
	actions = ["sts:AssumeRole"]
	principals {
	type = "Service"
	identifiers = [
	"ec2.amazonaws.com"
	]
	}
	}
	}

	resource "aws_iam_instance_profile" "build_agent_profile" {
	name = "${var.customer_name}BuildAgentInstanceProfile"
	role = "${aws_iam_role.build_agent_role.name}"
	}

	resource "aws_iam_role" "build_agent_role" {
	name = "${var.customer_name}BuildAgentRole"
	path = "/"
	assume_role_policy = "${data.aws_iam_policy_document.build_agent_role_policy.json}"
	}

	resource "aws_iam_role_policy_attachment" "build_agent_policy_attach" {
	role = "${aws_iam_role.build_agent_role.name}"
	policy_arn = "${aws_iam_policy.build_agent_policy.arn}"
	}