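# IAM role "FIAM-Developer".
# The trust (assume-role) policy is rendered from a JSON template by the
# "trust_policy" data source at the bottom of this file.
resource "aws_iam_role" "FIAM-Developer" {
  name               = "FIAM-Developer"
  assume_role_policy = "${data.template_file.trust_policy.rendered}"

  # These are plain resource tags. No `permissions_boundary` argument is set
  # here, so the tag alone does not attach a permissions boundary to this role.
  # NOTE(review): presumably the attached FIAM-COMMON policies read these tags
  # in their conditions (boundary name / name prefix for IAM entities the role
  # creates) - confirm against the policy documents, which are not in this file.
  tags = {
    "IAM:PermissionsBoundary" = "FIAM-BOUNDARY-Developer"
    "IAM:NamePrefix"          = "FIAM-DEV"
  }
}

# Managed policies attached to the role. The aws_iam_policy resources
# referenced below are declared elsewhere in the configuration.
resource "aws_iam_role_policy_attachment" "FIAM-Developer-FIAM-COMMON-RestrictRegions" {
  role       = "${aws_iam_role.FIAM-Developer.name}"
  policy_arn = "${aws_iam_policy.FIAM-COMMON-RestrictRegions.arn}"
}

resource "aws_iam_role_policy_attachment" "FIAM-Developer-FIAM-COMMON-RestrictServices" {
  role       = "${aws_iam_role.FIAM-Developer.name}"
  policy_arn = "${aws_iam_policy.FIAM-COMMON-RestrictServices.arn}"
}

resource "aws_iam_role_policy_attachment" "FIAM-Developer-FIAM-COMMON-IAMBasics" {
  role       = "${aws_iam_role.FIAM-Developer.name}"
  policy_arn = "${aws_iam_policy.FIAM-COMMON-IAMBasics.arn}"
}

resource "aws_iam_role_policy_attachment" "FIAM-Developer-FIAM-COMMON-IAM-EC2" {
  role       = "${aws_iam_role.FIAM-Developer.name}"
  policy_arn = "${aws_iam_policy.FIAM-COMMON-IAM-EC2.arn}"
}

# Renders the trust policy JSON, substituting the `account` template variable
# with the account ID of the calling credentials
# (data.aws_caller_identity.current is declared elsewhere).
data "template_file" "trust_policy" {
  # NOTE(review): the active template is the variant without "MFARequired" in
  # its file name; the alternative is commented out below. Judging by the file
  # names only, the active trust policy does not enforce MFA on role
  # assumption - confirm this is intended for the target environment.
  template = "${file("../policies/FIAM-TRUST-TrustPolicy.json")}"
  #template = "${file("../policies/FIAM-TRUST-TrustPolicy-MFARequired.json")}"

  vars = {
    account = "${data.aws_caller_identity.current.account_id}"
  }
}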