data "template_file" "splunk-ec2-standalone-trust-policy" {
  template = "${file("policies/splunk-ec2-standalone-trust-policy.json.tpl")}"
  vars = {
    account = "${data.aws_caller_identity.current.account_id}"
  }
}

resource "aws_iam_role" "Splunk-EC2-Standalone" {
  name = "Splunk-EC2-Standalone"
  assume_role_policy = "${data.template_file.splunk-ec2-standalone-trust-policy.rendered}"
}

data "template_file" "splunk-ec2-standalone-permissions-policy" {
  template = "${file("policies/splunk-ec2-standalone-permissions-policy.json.tpl")}"
  vars = {
    account = "${data.aws_caller_identity.current.account_id}",
    smartstore_bucket_arn = "${aws_s3_bucket.splunk-smartstore.arn}"
  }
}

resource "aws_iam_policy" "Splunk-EC2-Standalone" {
  name = "Splunk-EC2-Standalone"
  path = "/Splunk/"
  description = "Splunk policy for EC2 Standalone"
  policy = "${data.template_file.splunk-ec2-standalone-permissions-policy.rendered}"
}

resource "aws_iam_role_policy_attachment" "Splunk-EC2-Standalone" {
  role       = "${aws_iam_role.Splunk-EC2-Standalone.name}"
  policy_arn = "${aws_iam_policy.Splunk-EC2-Standalone.arn}"
}

resource "aws_iam_instance_profile" "Splunk-EC2-Indexer" {
  name = "Splunk-EC2-Standalone"
  role = "${aws_iam_role.Splunk-EC2-Standalone.name}"
}