Inicio Explorar Axuda
Rexistro Iniciar sesión
AFS
/
xdr-terraform-modules
2
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: e40246b7e7
Ramas Etiquetas
xdr-terraform-m...
/
base
/
customer_portal_lambda
/
iam.tf

iam.tf 1.5 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. data "aws_iam_policy_document" "policy_portal_data_sync_lambda" {
    2. 

  2.   statement {
    3. 

  3.     effect = "Allow"
    4. 

  4.     actions = [
    5. 

  5.       "ec2:CreateNetworkInterface",
    6. 

  6.       "logs:CreateLogStream",
    7. 

  7.       "ec2:DescribeNetworkInterfaces",
    8. 

  8.       "logs:DescribeLogStreams",
    9. 

  9.       "ec2:DeleteNetworkInterface",
    10. 

  10.       "logs:PutRetentionPolicy",
    11. 

  11.       "logs:CreateLogGroup",
    12. 

  12.       "logs:PutLogEvents",
    13. 

  13.       "sqs:ListQueues"
    14. 

  14.     ]
    15. 

  15.     resources = ["*"]
    16. 

  16.   }
    17. 

  17. 

  18.   statement {
    19. 

  19.     effect = "Allow"
    20. 

  20.     actions = [
    21. 

  21.         "sqs:*",
    22. 

  22.     ]
    23. 

  23.     resources = [ 
    24. 

  24.         aws_sqs_queue.sqs_queue.arn,
    25. 

  25.         aws_sqs_queue.sqs_queue_dlq.arn
    26. 

  26.     ]
    27. 

  27.   }
    28. 

  28. 

  29.   statement {
    30. 

  30.     effect = "Allow"
    31. 

  31.     actions = [
    32. 

  32.       "kms:GenerateDataKey",
    33. 

  33.       "kms:Decrypt"
    34. 

  34.     ]
    35. 

  35.     resources = [ 
    36. 

  36.         aws_kms_key.sqs_key.arn
    37. 

  37.     ]
    38. 

  38.   }
    39. 

  39. }
    40. 

  40. 

  41. resource "aws_iam_policy" "policy_portal_data_sync_lambda" {
    42. 

  42.   name        = "policy_portal_data_sync_lambda"
    43. 

  43.   path        = "/"
    44. 

  44.   policy      = data.aws_iam_policy_document.policy_portal_data_sync_lambda.json
    45. 

  45.   description = "IAM policy for portal_data_sync_lambda"
    46. 

  46. }
    47. 

  47. 

  48. resource "aws_iam_role" "portal_lambda_role" {
    49. 

  49.   name     = "portal-data-sync-lambda-role"
    50. 

  50.   assume_role_policy = <<EOF
    51. 

  51. {
    52. 

  52. "Version": "2012-10-17",
    53. 

  53. "Statement": [
    54. 

  54.     { 
    55. 

  55.     "Sid": "",
    56. 

  56.     "Effect": "Allow",
    57. 

  57.     "Principal": {
    58. 

  58.         "Service": [
    59. 

  59.         "lambda.amazonaws.com"
    60. 

  60.         ]
    61. 

  61.     },
    62. 

  62.     "Action": "sts:AssumeRole"
    63. 

  63.     }
    64. 

  64. ]
    65. 

  65. }
    66. 

  66. EOF
    67. 

  67. }
    68. 

  68. 

  69. resource "aws_iam_role_policy_attachment" "lambda_role" {
    70. 

  70.   role       = aws_iam_role.portal_lambda_role.name
    71. 

  71.   policy_arn = aws_iam_policy.policy_portal_data_sync_lambda.arn
    72. 

  72. }
    73.