| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596 |
- data "aws_iam_policy_document" "lambda_policy" {
- statement {
- sid = "Logs"
- effect = "Allow"
- resources = ["arn:aws:logs:*:*:*"]
- actions = [
- "logs:CreateLogGroup",
- "logs:CreateLogStream",
- "logs:PutLogEvents",
- ]
- }
- }
- resource "aws_iam_policy" "lambda_policy" {
- name = "game_server_lambda"
- path = "/game_server/"
- description = "AWS IAM Policy for Game Server Lambdas"
- policy = data.aws_iam_policy_document.lambda_policy.json
- tags = local.tags
- }
- data "aws_iam_policy_document" "lambda_trust" {
- statement {
- sid = ""
- effect = "Allow"
- actions = ["sts:AssumeRole"]
- principals {
- type = "Service"
- identifiers = ["lambda.amazonaws.com"]
- }
- }
- }
- resource "aws_iam_role" "lambda_role" {
- name = "game_server_lambda"
- path = "/game_server/"
- assume_role_policy = data.aws_iam_policy_document.lambda_trust.json
- tags = local.tags
- }
- resource "aws_iam_role_policy_attachment" "attach_iam_policy_to_iam_role" {
- role = aws_iam_role.lambda_role.name
- policy_arn = aws_iam_policy.lambda_policy.arn
- }
- resource "aws_iam_role" "cloudwatch" {
- name = "api_gateway_cloudwatch_global"
- assume_role_policy = <<EOF
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "",
- "Effect": "Allow",
- "Principal": {
- "Service": "apigateway.amazonaws.com"
- },
- "Action": "sts:AssumeRole"
- }
- ]
- }
- EOF
- }
- resource "aws_iam_role_policy" "cloudwatch" {
- name = "default"
- role = aws_iam_role.cloudwatch.id
- policy = <<EOF
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "logs:CreateLogGroup",
- "logs:CreateLogStream",
- "logs:DescribeLogGroups",
- "logs:DescribeLogStreams",
- "logs:PutLogEvents",
- "logs:GetLogEvents",
- "logs:FilterLogEvents"
- ],
- "Resource": "*"
- }
- ]
- }
- EOF
- }
|
