# Four customer-managed IAM policies created under the /FIAM/ path. Each
# policy document is rendered from a JSON template in ../policies/, with the
# single template variable `account` set to the caller's AWS account ID.
#
# NOTE(review): the statements themselves live in the JSON templates, which
# are not visible here; what each policy allows or denies has to be reviewed
# there. The names suggest region/service restrictions plus delegated IAM
# and EC2 permissions - confirm against the templates.
#
# NOTE(review): `account` comes from data.aws_caller_identity.current
# (declared elsewhere), i.e. the account of whatever credentials run
# Terraform. Any ARN the templates build from it is scoped to that account,
# so applying with the wrong profile renders the policies for the wrong
# account.
#
# NOTE(review): template_file treats "${...}" inside the JSON as template
# interpolation. If the policies use IAM policy variables such as
# ${aws:username}, they must be written as $${aws:username} in the template,
# otherwise rendering fails or the condition is not what was intended.
#
# NOTE(review): the "../policies/..." paths do not use path.module, so they
# appear to depend on the directory Terraform is run from - confirm.
#
# NOTE(review): the template provider behind data "template_file" is
# archived upstream; the built-in templatefile() function replaces it on
# Terraform 0.12+. Check for other references to these data sources before
# migrating.

# Policy FIAM-COMMON-RestrictRegions.
# NOTE(review): the description is the same generic text used for
# RestrictServices and IAMBasics and does not say what this policy restricts.
# AWS does not allow a managed policy's description to be changed after
# creation, so correcting it means replacing the policy.
resource "aws_iam_policy" "FIAM-COMMON-RestrictRegions" {
  name        = "FIAM-COMMON-RestrictRegions"
  path        = "/FIAM/"
  description = "Basic for delegated IAM"
  policy      = "${data.template_file.FIAM-COMMON-RestrictRegions.rendered}"
}

# Renders ../policies/FIAM-COMMON-RestrictRegions.json with `account` filled in.
data "template_file" "FIAM-COMMON-RestrictRegions" {
  template = "${file("../policies/FIAM-COMMON-RestrictRegions.json")}"
  vars = {
    account = "${data.aws_caller_identity.current.account_id}"
  }
}

# Policy FIAM-COMMON-RestrictServices (same generic description as above).
resource "aws_iam_policy" "FIAM-COMMON-RestrictServices" {
  name        = "FIAM-COMMON-RestrictServices"
  path        = "/FIAM/"
  description = "Basic for delegated IAM"
  policy      = "${data.template_file.FIAM-COMMON-RestrictServices.rendered}"
}

# Renders ../policies/FIAM-COMMON-RestrictServices.json with `account` filled in.
data "template_file" "FIAM-COMMON-RestrictServices" {
  template = "${file("../policies/FIAM-COMMON-RestrictServices.json")}"
  vars = {
    account = "${data.aws_caller_identity.current.account_id}"
  }
}

# Policy FIAM-COMMON-IAMBasics.
resource "aws_iam_policy" "FIAM-COMMON-IAMBasics" {
  name        = "FIAM-COMMON-IAMBasics"
  path        = "/FIAM/"
  description = "Basic for delegated IAM"
  policy      = "${data.template_file.FIAM-COMMON-IAMBasics.rendered}"
}

# Renders ../policies/FIAM-COMMON-IAMBasics.json with `account` filled in.
data "template_file" "FIAM-COMMON-IAMBasics" {
  template = "${file("../policies/FIAM-COMMON-IAMBasics.json")}"
  vars = {
    account = "${data.aws_caller_identity.current.account_id}"
  }
}

# Policy FIAM-COMMON-IAM-EC2.
# NOTE(review): the description contains a typo ("permissiosns"). It is left
# as-is here because the description of an existing managed policy cannot be
# edited in place; fixing it replaces the policy.
resource "aws_iam_policy" "FIAM-COMMON-IAM-EC2" {
  name        = "FIAM-COMMON-IAM-EC2"
  path        = "/FIAM/"
  description = "EC2 permissiosns for delegated IAM access"
  policy      = "${data.template_file.FIAM-COMMON-IAM-EC2.rendered}"
}

# Renders ../policies/FIAM-COMMON-IAM-EC2.json with `account` filled in.
data "template_file" "FIAM-COMMON-IAM-EC2" {
  template = "${file("../policies/FIAM-COMMON-IAM-EC2.json")}"
  vars = {
    account = "${data.aws_caller_identity.current.account_id}"
  }
}