github.com/bigcommerce/nomad@v0.9.3-bc/e2e/terraform/iam.tf (about) 1 resource "aws_iam_instance_profile" "instance_profile" { 2 name_prefix = "${local.random_name}" 3 role = "${aws_iam_role.instance_role.name}" 4 } 5 6 resource "aws_iam_role" "instance_role" { 7 name_prefix = "${local.random_name}" 8 assume_role_policy = "${data.aws_iam_policy_document.instance_role.json}" 9 } 10 11 data "aws_iam_policy_document" "instance_role" { 12 statement { 13 effect = "Allow" 14 actions = ["sts:AssumeRole"] 15 16 principals { 17 type = "Service" 18 identifiers = ["ec2.amazonaws.com"] 19 } 20 } 21 } 22 23 resource "aws_iam_role_policy" "auto_discover_cluster" { 24 name = "auto-discover-cluster" 25 role = "${aws_iam_role.instance_role.id}" 26 policy = "${data.aws_iam_policy_document.auto_discover_cluster.json}" 27 } 28 29 # Note: Overloading this instance profile to access 30 # test binaries, should be renamed. 31 data "aws_iam_policy_document" "auto_discover_cluster" { 32 statement { 33 effect = "Allow" 34 35 actions = [ 36 "ec2:DescribeInstances", 37 "ec2:DescribeTags", 38 "autoscaling:DescribeAutoScalingGroups", 39 ] 40 resources = ["*"] 41 } 42 43 statement { 44 effect = "Allow" 45 46 actions = [ 47 "ec2:DescribeInstances", 48 "ec2:DescribeTags", 49 "autoscaling:DescribeAutoScalingGroups", 50 ] 51 resources = ["*"] 52 } 53 54 statement { 55 effect = "Allow" 56 57 actions = [ 58 "s3:PutObject", 59 "s3:GetObject", 60 "s3:DeleteObject" 61 ] 62 resources = ["arn:aws:s3:::nomad-team-test-binary/*"] 63 } 64 }