|
|
@@ -103,29 +103,16 @@ resource "vault_aws_auth_backend_role" "portal" {
|
|
|
token_policies = ["portal"]
|
|
|
}
|
|
|
|
|
|
-#TO BE IMPLEMETED
|
|
|
-# resource "vault_aws_auth_backend_role" "portal-data-sync-lambda-role" {
|
|
|
-# backend = vault_auth_backend.aws.path
|
|
|
-# role = "portal-data-sync-lambda-role"
|
|
|
-# auth_type = "iam"
|
|
|
-# bound_iam_principal_arns = ["arn:${var.aws_partition}:iam::${var.aws_account_id}:role/portal-data-sync-lambda-role"]
|
|
|
-# #inferred_aws_region = "us-gov-east-1"
|
|
|
-# token_ttl = 60
|
|
|
-# token_max_ttl = 86400
|
|
|
-# token_policies = ["portal"]
|
|
|
-# }
|
|
|
-
|
|
|
-#Legacy probably not used
|
|
|
-# resource "vault_aws_auth_backend_role" "clu" {
|
|
|
-# backend = vault_auth_backend.aws.path
|
|
|
-# role = "clu"
|
|
|
-# auth_type = "iam"
|
|
|
-# bound_iam_principal_arns = ["arn:${var.aws_partition}:iam::{$var.aws_account_id}:role/clu-instance-role"]
|
|
|
-# token_ttl = 60
|
|
|
-# token_max_ttl = 86400
|
|
|
-# token_policies = ["clu"]
|
|
|
-# inferred_aws_region = "us-gov-east-1"
|
|
|
-# }
|
|
|
+resource "vault_aws_auth_backend_role" "portal-data-sync-lambda-role" {
|
|
|
+ backend = vault_auth_backend.aws.path
|
|
|
+ role = "portal-data-sync-lambda-role"
|
|
|
+ auth_type = "iam"
|
|
|
+ bound_iam_principal_arns = ["arn:${var.aws_partition}:iam::${var.aws_account_id}:role/portal-data-sync-lambda-role"]
|
|
|
+ #inferred_aws_region = "us-gov-east-1"
|
|
|
+ token_ttl = 60
|
|
|
+ token_max_ttl = 86400
|
|
|
+ token_policies = ["portal"]
|
|
|
+}
|
|
|
|
|
|
|
|
|
#----------------------------------------------------------------------------
|
Brad Poulton