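# github.com/iqoqo/nomad@v0.11.3-0.20200911112621-d7021c74d101/e2e/terraform/iam.tf
#
# IAM wiring for the e2e test instances: one instance profile, one role that
# EC2 may assume, and one inline policy attached to that role.

# Instance profile that hands the role below to the EC2 instances using it.
resource "aws_iam_instance_profile" "instance_profile" {
  name_prefix = local.random_name
  role        = aws_iam_role.instance_role.name
}

# Role carried by the instances; its trust policy is the document below.
resource "aws_iam_role" "instance_role" {
  name_prefix        = local.random_name
  assume_role_policy = data.aws_iam_policy_document.instance_role.json
}

# Trust policy: only the EC2 service principal may assume the role.
data "aws_iam_policy_document" "instance_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

# Inline policy granting the permissions in the auto_discover_cluster document
# to the instance role.
resource "aws_iam_role_policy" "auto_discover_cluster" {
  name   = "auto-discover-cluster"
  role   = aws_iam_role.instance_role.id
  policy = data.aws_iam_policy_document.auto_discover_cluster.json
}

# Note: Overloading this instance profile to access
# test binaries, should be renamed.
#
# Every statement here applies to every instance that uses the profile, so the
# policy is the full set of AWS permissions available to code running on a
# test instance.
data "aws_iam_policy_document" "auto_discover_cluster" {
  # Read-only discovery calls. These Describe actions do not support
  # resource-level permissions, so "*" is the only resource that works.
  statement {
    effect = "Allow"

    actions = [
      "ec2:DescribeInstances",
      "ec2:DescribeTags",
      "autoscaling:DescribeAutoScalingGroups",
    ]
    resources = ["*"]
  }

  # Volume operations. The instance/tag/ASG Describe actions that used to be
  # repeated here are already granted by the statement above, so they are
  # listed once; the effective permissions are unchanged.
  #
  # NOTE(review): unlike the Describe calls, ec2:AttachVolume and
  # ec2:DetachVolume accept resource ARNs and tag conditions. With "*" an
  # instance holding this role can attach or detach volumes that do not belong
  # to the test cluster. Scope these two actions to the test volumes and
  # instances (ARN list or a resource-tag condition) if the account is shared
  # with anything else -- confirm what the tests need.
  statement {
    effect = "Allow"

    actions = [
      "ec2:DescribeVolume*",
      "ec2:AttachVolume",
      "ec2:DetachVolume",
    ]
    resources = ["*"]
  }

  # Object access to the test-binary bucket.
  #
  # NOTE(review): PutObject and DeleteObject let any test instance replace or
  # remove the binaries stored here. If instances only download binaries,
  # s3:GetObject alone is sufficient and keeps a compromised or misbehaving
  # instance from tampering with artifacts that other runs presumably fetch --
  # confirm whether anything on the instances uploads to this bucket.
  statement {
    effect = "Allow"

    actions = [
      "s3:PutObject",
      "s3:GetObject",
      "s3:DeleteObject",
    ]
    resources = ["arn:aws:s3:::nomad-team-test-binary/*"]
  }
}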