authorAlex <git@ajschof.me>2024-08-20 00:56:28 +0100
committerGitHub <noreply@github.com>2024-08-20 00:56:28 +0100
commitda510db20c94ba0dbb98011dc5c8d8bab70ed270 (patch)
tree5909e29cdde7ca82007a6df4e853facbaf78145e /terraform/iam.tf
parentefdd0d95a140a3bca04e63a4318c49271c6aa4e9 (diff)
parent2045888e1ae497444c58347096547f0475bba7a1 (diff)
Merge pull request #70 from ajschofield/alex/tf-secrets-perms
pr: add secrets manager permissions in iam.tf
Diffstat (limited to 'terraform/iam.tf')
-rw-r--r--terraform/iam.tf27
1 files changed, 27 insertions, 0 deletions
diff --git a/terraform/iam.tf b/terraform/iam.tf
index 7585ff8..a8054ca 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -169,3 +169,30 @@ resource "aws_iam_role_policy_attachment" "cloudwatch_events_attachment" {
role = aws_iam_role.multi_service_role.name
policy_arn = aws_iam_policy.cloudwatch_events_policy.arn
}
+
+#########################
+# SECRETS MANAGER SETUP #
+#########################
+
+# Policy Doc
+data "aws_iam_policy_document" "secrets_manager_policy_doc" {
+ statement {
+ effect = "Allow"
+ actions = [
+ "secretsmanager:GetSecretValue"
+ ]
+ resources = ["arn:aws:secretsmanager:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:secret:bentley-secrets-Na0yc8"]
+ }
+}
+
+# SM Policy Resource
+resource "aws_iam_policy" "secrets_manager_policy" {
+ name = "secrets_manager_policy"
+ policy = data.aws_iam_policy_document.secrets_manager_policy_doc.json
+}
+
+# Attach SM Policy to Role
+resource "aws_iam_role_policy_attachment" "secrets_manager_attachment" {
+ role = aws_iam_role.multi_service_role.name
+ policy_arn = aws_iam_policy.secrets_manager_policy.arn
+}
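Review bot: The `resources` entry in `secrets_manager_policy_doc` hard-codes the full secret ARN including the random suffix `-Na0yc8`, which AWS regenerates whenever the secret is deleted and recreated, so the policy silently stops matching and every caller starts failing with AccessDenied. Resolve the ARN through Terraform instead, e.g. `data "aws_secretsmanager_secret" "bentley" { name = "bentley-secrets" }` (presumably the secret's name, given the ARN suffix convention — confirm) and `resources = [data.aws_secretsmanager_secret.bentley.arn]`, which keeps the single-secret least-privilege scope without the brittle literal. Scoping to one secret rather than `*` is the right call; a short comment such as `# Read-only access to the single application secret; widen deliberately, not with a wildcard` would record that intent for the next editor. Note also that the attachment grants this read to `multi_service_role`, which the surrounding context shows already carries CloudWatch Events permissions, so every workload assuming that role can now read the secret; if only one service needs it, a dedicated role would be a tighter boundary.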