From c5f840e96b8c1696a6ed506e9260c4f1c26db10d Mon Sep 17 00:00:00 2001
From: Alex Schofield
Date: Wed, 14 Aug 2024 23:05:26 +0100
Subject: feat(tf): add cloudwatch events iam policies
---
 terraform/iam.tf | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
(limited to 'terraform')
diff --git a/terraform/iam.tf b/terraform/iam.tf
index acb98f4..0e5fa6d 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -129,3 +129,30 @@ resource "aws_iam_role_policy_attachment" "cw_attachment" {
 policy_arn = aws_iam_policy.cw_policy.arn
 }
 
+###################
+# EVENTS POLICIES #
+###################
+
+data "aws_iam_policy_document" "cloudwatch_events_policy" {
+ statement {
+ actions = [
+ "events:PutRule",
+ "events:PutTargets",
+ "events:RemoveTargets",
+ "events:DeleteRule",
+ "events:PutEvents"
+ ]
+ resources = ["*"]
+ effect = "Allow"
+ }
+}
+
+resource "aws_iam_policy" "cloudwatch_events_policy" {
+ name = "cloudwatch_events_policy"
+ policy = data.aws_iam_policy_document.cloudwatch_events_policy.json
+}
+
+resource "aws_iam_role_policy_attachment" "cloudwatch_events_attachment" {
+ role = aws_iam_role.multi_service_role.name
+ policy_arn = aws_iam_policy.cloudwatch_events_policy.arn
+}
-- cgit v1.2.3
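Review bot: The new `cloudwatch_events_policy` statement grants `events:PutRule`, `events:PutTargets`, `events:RemoveTargets` and `events:DeleteRule` on `resources = ["*"]`, so whatever assumes `multi_service_role` can alter or delete every EventBridge rule in the account, including rules that feed alerting or audit pipelines. I would split the statement in two and scope each to the resource type it acts on: the rule-management actions to a rule ARN prefix owned by this project, and `events:PutEvents` to the specific event bus. The role's trust policy is outside this hunk; if more than one service can assume it, as the name suggests, every one of them inherits these permissions, which makes the scoping matter more. The ARNs below are placeholders to be filled in with this project's region, account and rule naming.

```hcl
data "aws_iam_policy_document" "cloudwatch_events_policy" {
  statement {
    sid    = "ManageProjectRules"
    effect = "Allow"
    actions = [
      "events:PutRule",
      "events:PutTargets",
      "events:RemoveTargets",
      "events:DeleteRule",
    ]
    # Placeholder ARN: substitute REGION, ACCOUNT_ID and RULE_PREFIX.
    resources = ["arn:aws:events:REGION:ACCOUNT_ID:rule/RULE_PREFIX-*"]
  }

  statement {
    sid     = "PutEventsOnProjectBus"
    effect  = "Allow"
    actions = ["events:PutEvents"]
    # Placeholder ARN: substitute REGION, ACCOUNT_ID and EVENT_BUS_NAME.
    resources = ["arn:aws:events:REGION:ACCOUNT_ID:event-bus/EVENT_BUS_NAME"]
  }
}
```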