Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
AFS
/
xdr-terraform-modules
2
0
Haarauta 0
Tiedostot Esitykset 0 Vetopyynnöt 0 Wiki
Haara: master
Haarat Tunnisteet
xdr-terraform-m...
/
submodules
/
iam
/
common_services_roles
/
assume_role_policy-non_saml.tf

assume_role_policy-non_saml.tf 873 B
Pysyvä linkki Historia Raaka

12345678910111213141516171819202122232425262728293031323334 
  1. data "aws_iam_policy_document" "non_saml_assume_role_policy" {
    2. 

  2.   statement {
    3. 

  3.     sid    = "AllowAssumeRoleFromReadOnly"
    4. 

  4.     effect = "Allow"
    5. 

  5.     principals {
    6. 

  6.       type = "AWS"
    7. 

  7.       identifiers = [
    8. 

  8.         "arn:${local.aws_partition}:iam::${local.aws_account}:role/user/mdr_engineer_readonly"
    9. 

  9.       ]
    10. 

  10.     }
    11. 

  11. 

  12.     actions = [
    13. 

  13.       "sts:AssumeRole",
    14. 

  14.     ]
    15. 

  15.   }
    16. 

  16. }
    17. 

  17. 

  18. data "aws_iam_policy_document" "non_saml_assume_role_policy_developer" {
    19. 

  19.   statement {
    20. 

  20.     sid    = "AllowAssumeRoleFromReadOnly"
    21. 

  21.     effect = "Allow"
    22. 

  22.     principals {
    23. 

  23.       type = "AWS"
    24. 

  24.       identifiers = [
    25. 

  25.         "arn:${local.aws_partition}:iam::${local.aws_account}:role/user/mdr_developer_readonly",
    26. 

  26.         "arn:${local.aws_partition}:iam::${local.aws_account}:role/user/mdr_engineer_readonly", # engineers can be developers for testing
    27. 

  27.       ]
    28. 

  28.     }
    29. 

  29. 

  30.     actions = [
    31. 

  31.       "sts:AssumeRole",
    32. 

  32.     ]
    33. 

  33.   }
    34. 

  34. }
    35.