# Developer role. Who may assume it is decided by the rendered trust policy
# template (data.template_file.trust_policy), not by anything in this block.
resource "aws_iam_role" "FIAM-Developer" {
  name               = "FIAM-Developer"
  assume_role_policy = "${data.template_file.trust_policy.rendered}"

  # These tags only record a boundary name and a name prefix as metadata.
  # NOTE(review): no permissions_boundary argument is set on this role here;
  # confirm which policy reads these tags and that it actually enforces them.
  tags = {
    "IAM:PermissionsBoundary" = "FIAM-BOUNDARY-Developer"
    "IAM:NamePrefix"          = "FIAM-DEV"
  }
}
# Attaches the managed policy FIAM-COMMON-RestrictRegions to the developer role.
# The policy document itself is defined outside this listing; presumably it
# limits usable regions - verify against the policy source.
resource "aws_iam_role_policy_attachment" "FIAM-Developer-FIAM-COMMON-RestrictRegions" {
  role       = "${aws_iam_role.FIAM-Developer.name}"
  policy_arn = "${aws_iam_policy.FIAM-COMMON-RestrictRegions.arn}"
}
# Attaches the managed policy FIAM-COMMON-RestrictServices to the developer role.
# The policy document is defined outside this listing; presumably it limits
# which services the role may call - verify against the policy source.
resource "aws_iam_role_policy_attachment" "FIAM-Developer-FIAM-COMMON-RestrictServices" {
  role       = "${aws_iam_role.FIAM-Developer.name}"
  policy_arn = "${aws_iam_policy.FIAM-COMMON-RestrictServices.arn}"
}
# Attaches the managed policy FIAM-COMMON-IAMBasics to the developer role.
# NOTE(review): this grants the role some IAM permissions; the policy document
# is not shown here, so review it for privilege-escalation paths.
resource "aws_iam_role_policy_attachment" "FIAM-Developer-FIAM-COMMON-IAMBasics" {
  role       = "${aws_iam_role.FIAM-Developer.name}"
  policy_arn = "${aws_iam_policy.FIAM-COMMON-IAMBasics.arn}"
}
# Attaches the managed policy FIAM-COMMON-IAM-EC2 to the developer role.
# The policy document is defined outside this listing; its exact grants
# cannot be confirmed from here.
resource "aws_iam_role_policy_attachment" "FIAM-Developer-FIAM-COMMON-IAM-EC2" {
  role       = "${aws_iam_role.FIAM-Developer.name}"
  policy_arn = "${aws_iam_policy.FIAM-COMMON-IAM-EC2.arn}"
}
# Renders the role's trust (assume-role) policy from a JSON template, passing
# in the ID of the account the provider is currently authenticated to.
data "template_file" "trust_policy" {
  # The plain trust policy is active; the MFA-required variant below is
  # commented out.
  # NOTE(review): confirm MFA is enforced somewhere else before relying on the
  # plain template, since the trust policy is the only gate on assuming the role.
  template = "${file("../policies/FIAM-TRUST-TrustPolicy.json")}"
  #template = "${file("../policies/FIAM-TRUST-TrustPolicy-MFARequired.json")}"

  vars = {
    account = "${data.aws_caller_identity.current.account_id}"
  }
}