From 746f4206b2f30126c3c09ac11a2d49be3259fe6f Mon Sep 17 00:00:00 2001
From: Alex Schofield <git@ajschof.me>
Date: Tue, 20 Aug 2024 00:42:54 +0100
Subject: infra(tf): add secrets manager permissions

I feel like what I've done is bad but we'll find out soon.
---
 terraform/iam.tf | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'terraform/iam.tf')

diff --git a/terraform/iam.tf b/terraform/iam.tf
index 7585ff8..a36cfdf 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -169,3 +169,30 @@ resource "aws_iam_role_policy_attachment" "cloudwatch_events_attachment" {
   role       = aws_iam_role.multi_service_role.name
   policy_arn = aws_iam_policy.cloudwatch_events_policy.arn
 }
+
+#########################
+# SECRETS MANAGER SETUP #
+#########################
+
+# Policy Doc
+data "aws_iam_policy_document" "secrets_manager_policy_doc" {
+  statement {
+    effect = "Allow"
+    actions = [
+      "secretsmanager:GetSecretValue"
+    ]
+    resources = []
+  }
+}
+
+# SM Policy Resource
+resource "aws_iam_policy" "secrets_manager_policy" {
+  name   = "secrets_manager_policy"
+  policy = data.aws_iam_policy_document.secrets_manager_policy_doc.json
+}
+
+# Attach SM Policy to Role
+resource "aws_iam_role_policy_attachment" "secrets_manager_attachment" {
+  role       = aws_iam_role.multi_service_role.name
+  policy_arn = aws_iam_policy.secrets_manager_policy.arn
+}
-- 
cgit v1.2.3