| 12345678910111213141516171819202122232425262728293031323334 |
- module "instance_profile" {
- source = "../../../submodules/iam/base_instance_profile"
- prefix = "xdr-custsh"
- aws_partition = var.aws_partition
- aws_account_id = var.aws_account_id
- }
- # Customer SH Specific Policy
- resource "aws_iam_policy" "instance_policy" {
- name = "custsh_instance_policy"
- path = "/launchroles/"
- description = "This policy allows custsh-specific functions"
- policy = data.aws_iam_policy_document.instance_policy_doc.json
- }
- data "aws_iam_policy_document" "instance_policy_doc" {
- statement {
- sid = "AllowAssumeRoleToSplunkApps"
- effect = "Allow"
- actions = [
- "sts:AssumeRole"
- ]
- resources = [
- "arn:${var.aws_partition}:iam::${var.aws_account_id}:role/service/splunk-apps-s3"
- ]
- }
- }
- resource "aws_iam_role_policy_attachment" "instance_policy_attach" {
- role = module.instance_profile.role_id
- policy_arn = aws_iam_policy.instance_policy.arn
- }
|
