| 1234567891011121314151617181920212223242526 |
- #------------------------------------------------------------------------------------------
- # Feed Management SAML role, for feed management people
- #
- # As of now, this doesn't have any cross-account trusts to assume role
- #------------------------------------------------------------------------------------------
- module "role-mdr_feedmgmt_readonly" {
- source = "./modules/saml_linked_role"
- name = "mdr_feedmgmt_readonly"
- account_friendly_name = aws_iam_account_alias.alias.account_alias
- path = "/user/"
- assume_role_policy = data.aws_iam_policy_document.okta_saml_assume_role_policy.json
- okta_app_id = data.okta_app.awsapp.id
- max_session_duration = 28800
- }
- resource "aws_iam_role_policy_attachment" "mdr_feedmgmt_readonly_ViewOnlyAccess" {
- role = module.role-mdr_feedmgmt_readonly.name
- policy_arn = "arn:${local.aws_partition}:iam::aws:policy/job-function/ViewOnlyAccess"
- }
- resource "aws_iam_role_policy_attachment" "mdr_feedmgmt_readonly_s3access" {
- role = module.role-mdr_engineer_readonly.name
- policy_arn = module.standard_iam_policies.arns["mdr_feedmgmt_s3access"]
- }
|
