| 1234567891011121314151617181920212223242526 |
- #------------------------------------------------------------------------------------------
- # A Read Only Engineer. Assumption is this is everyone's normal working
- # role day-to-day in the AWS console. When you need it, you then elevate
- # to mdr_terraformer.
- #
- # Note this is NOT JUST READ ONLY ACCESS. This should only be
- # assigned to ENGINEERS who you expect will able to make changes
- # as needed.
- #------------------------------------------------------------------------------------------
- resource "aws_iam_role" "role-mdr_engineer_readonly" {
- name = "mdr_engineer_readonly"
- path = "/user/"
- assume_role_policy = data.aws_iam_policy_document.non_saml_assume_role_policy.json
- max_session_duration = 28800
- }
- resource "aws_iam_role_policy_attachment" "mdr_engineer_readonly_ViewOnlyAccess" {
- role = aws_iam_role.role-mdr_engineer_readonly.name
- policy_arn = "arn:${local.aws_partition}:iam::aws:policy/job-function/ViewOnlyAccess"
- }
- resource "aws_iam_role_policy_attachment" "mdr_engineer_readonly_assumerole" {
- role = aws_iam_role.role-mdr_engineer_readonly.name
- policy_arn = module.standard_iam_policies.arns["mdr_readonly_assumerole"]
- }
|
