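# Instance profile / role for the Moose Splunk search head (SH).
# Every resource in this file is gated on local.is_moose so the whole set is
# either created together (count = 1) or absent (count = 0).
module "moose_instance_profile" {
  count          = local.is_moose ? 1 : 0
  source         = "../../../submodules/iam/base_instance_profile"
  prefix         = "moose-splunk-sh"
  aws_partition  = var.aws_partition
  aws_account_id = var.aws_account_id
}

# Permissions attached to the Moose Splunk SH role (see aws_iam_policy below).
data "aws_iam_policy_document" "moose_splunk_sh_policy_doc" {
  count = local.is_moose ? 1 : 0

  # Moose Splunk SH can assume-role into the C2 and mdr-prod-root-ca accounts
  # to run the ACM audit report, and into this account's splunk_apps_s3 role.
  #
  # NOTE(review): the first ARN uses "*" in the account field, so this side of
  # the trust allows assuming run_audit_report_role in ANY account; the effective
  # boundary is therefore the trust policy on run_audit_report_role in each target
  # account. If the C2 and root-CA account IDs are available as variables, pinning
  # them here (e.g. "arn:${var.aws_partition}:iam::<C2_ACCOUNT_ID>:role/...")
  # would narrow this to least privilege.
  statement {
    sid    = "AllowAssumeRole"
    effect = "Allow"
    actions = [
      "sts:AssumeRole",
    ]
    resources = [
      "arn:${var.aws_partition}:iam::*:role/service/run_audit_report_role",
      "arn:${var.aws_partition}:iam::${var.aws_account_id}:role/service/splunk_apps_s3",
    ]
  }

  # Moose Splunk SH can enumerate the ACM audit reports bucket (read-only:
  # list operations on the bucket itself).
  statement {
    sid       = ""
    effect    = "Allow"
    resources = ["arn:${var.aws_partition}:s3:::xdr-ca-audit-reports"]
    actions = [
      "s3:ListBucket",
      "s3:ListBucketVersions",
    ]
  }

  # Moose Splunk SH can fetch the ACM audit report objects (read-only:
  # no Put/Delete is granted on the bucket contents).
  statement {
    sid       = ""
    effect    = "Allow"
    resources = ["arn:${var.aws_partition}:s3:::xdr-ca-audit-reports/*"]
    actions = [
      "s3:GetObject",
      "s3:GetObjectVersion",
    ]
  }
}

# Managed policy built from the document above; the [count.index] lookup is
# required because the data source is itself count-gated.
resource "aws_iam_policy" "moose_splunk_sh_policy" {
  count  = local.is_moose ? 1 : 0
  name   = "moose_splunk_sh"
  path   = "/"
  policy = data.aws_iam_policy_document.moose_splunk_sh_policy_doc[count.index].json
}

# Attach the SH policy to the role created by the instance profile module.
resource "aws_iam_role_policy_attachment" "moose_splunk_sh_attach" {
  count      = local.is_moose ? 1 : 0
  role       = module.moose_instance_profile[count.index].role_id
  policy_arn = aws_iam_policy.moose_splunk_sh_policy[count.index].arn
}

# Attach the shared "default_instance_s3_binaries" launch-role policy so the
# instance can pull binaries from S3. The policy is referenced by ARN only and
# is not managed in this file; it needs to be created prior to creating the
# Salt Master, otherwise this attachment fails at apply time.
resource "aws_iam_role_policy_attachment" "moose_splunk_sh_policy_attach_binaries" {
  count      = local.is_moose ? 1 : 0
  role       = module.moose_instance_profile[count.index].role_id
  policy_arn = "arn:${var.aws_partition}:iam::${var.aws_account_id}:policy/launchroles/default_instance_s3_binaries"
}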