Home Explore Help
Register Sign In
AFS
/
xdr-terraform-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[MSOCI-1285] Added some legacy account roles to iam:PassRole

Duane Waddle 5 years ago
parent
6ff26791eb
commit
b7b3c93931
1 changed files with 19 additions and 0 deletions
Split View Show Diff Stats
  1. 19 0
      submodules/iam/standard_iam_policies/policy-mdr_terraformer.tf

+ 19 - 0
submodules/iam/standard_iam_policies/policy-mdr_terraformer.tf
View File 

@@ -28,6 +28,25 @@ data "aws_iam_policy_document" "mdr_terraformer" {
 
     ]
 
   }
 
 
+  statement {
 
+    sid     = "AllowPassRoleForLegacyAccountRoles"
 
+    effect = "Allow"
 
+    actions = [
 
+      "iam:PassRole",
 
+    ]
 
+
 
+    resources = [
 
+			"arn:${local.aws_partition}:iam::${local.aws_account}:role/vault-instance-role",
 
+			"arn:${local.aws_partition}:iam::${local.aws_account}:role/splunk-aws-instance-role",
 
+			"arn:${local.aws_partition}:iam::${local.aws_account}:role/salt-master-instance-role",
 
+			"arn:${local.aws_partition}:iam::${local.aws_account}:role/portal-instance-role",
 
+			"arn:${local.aws_partition}:iam::${local.aws_account}:role/portal-data-sync-lambda-role",
 
+			"arn:${local.aws_partition}:iam::${local.aws_account}:role/msoc-default-instance-role",
 
+			"arn:${local.aws_partition}:iam::${local.aws_account}:role/ecsFargateTaskExecutionRole",
 
+			"arn:${local.aws_partition}:iam::${local.aws_account}:role/dlm-lifecycle-role",
 
+    ]
 
+  }
 
+
 
   statement {
 
     sid    = "AssumeThisRoleInOtherAccounts"
 
     effect = "Allow"