
Making roles unique
Tohaker committed Feb 13, 2023
1 parent b7f30a5 commit d15e73d
Showing 3 changed files with 27 additions and 27 deletions.
26 changes: 13 additions & 13 deletions packages/terraform/development/iam.tf
Expand Up @@ -10,13 +10,13 @@ data "aws_iam_policy_document" "assume_role" {
}

resource "aws_iam_role" "parse_command_role" {
name = "parse_command_role"
name = "${var.app_name}-parse_command_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role_policy" "start_state_machine" {
name = "start_state_machine"
name = "${var.app_name}-start_state_machine"
role = aws_iam_role.parse_command_role.id

policy = jsonencode({
Expand All @@ -34,7 +34,7 @@ resource "aws_iam_role_policy" "start_state_machine" {
}

resource "aws_iam_policy" "access_dynamodb" {
name = "access_dynamodb"
name = "${var.app_name}-access_dynamodb"
description = "Access required commands on specific DynamoDB tables"

policy = jsonencode({
Expand All @@ -61,7 +61,7 @@ resource "aws_iam_policy" "access_dynamodb" {
}

resource "aws_iam_policy" "access_s3" {
name = "access_s3"
name = "${var.app_name}-access_s3"
description = "Access required commands on specific S3 buckets"

policy = jsonencode({
Expand All @@ -86,49 +86,49 @@ resource "aws_iam_policy" "access_s3" {
}

resource "aws_iam_role" "get_map_role" {
name = "get_map_role"
name = "${var.app_name}-get_map_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role" "create_map_role" {
name = "create_map_role"
name = "${var.app_name}-create_map_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role" "delete_map_role" {
name = "delete_map_role"
name = "${var.app_name}-delete_map_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role" "add_token_role" {
name = "add_token_role"
name = "${var.app_name}-add_token_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role" "move_delete_token_role" {
name = "move_delete_token_role"
name = "${var.app_name}-move_delete_token_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role" "send_response_role" {
name = "send_response_role"
name = "${var.app_name}-send_response_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role" "janitor_role" {
name = "janitor_role"
name = "${var.app_name}-janitor_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_policy_attachment" "dynamodb_attach" {
name = "dynamodb-attachment"
name = "${var.app_name}-dynamodb-attachment"
roles = [
aws_iam_role.get_map_role.name,
aws_iam_role.create_map_role.name,
Expand All @@ -141,7 +141,7 @@ resource "aws_iam_policy_attachment" "dynamodb_attach" {
}

resource "aws_iam_policy_attachment" "s3_attach" {
name = "s3-attachment"
name = "${var.app_name}-s3-attachment"
roles = [
aws_iam_role.create_map_role.name,
aws_iam_role.delete_map_role.name,
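Review bot: The `aws_iam_policy_attachment` resources `dynamodb_attach` and `s3_attach` use the exclusive attachment type — Terraform treats each as owning every attachment of `access_dynamodb` / `access_s3`, so any attachment of those policies made outside this configuration is detached on the next apply; one `aws_iam_role_policy_attachment` per role avoids that, and the `s3_attach` role list continues past the end of this hunk. The new `${var.app_name}-` prefix also makes every role name depend on an input whose length and character set are not checked anywhere visible here: IAM role names are capped at 64 characters, and the longest suffix in this file, `-move_delete_token_role`, leaves room for at most 41 characters of `app_name`. A `validation` block on `var.app_name` (declared outside this hunk) such as `condition = can(regex("^[\\w+=,.@-]{1,41}$", var.app_name))` would fail at plan time instead of part-way through a create. Both points apply equally to packages/terraform/production/iam.tf, which repeats this file.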
26 changes: 13 additions & 13 deletions packages/terraform/production/iam.tf
Expand Up @@ -10,13 +10,13 @@ data "aws_iam_policy_document" "assume_role" {
}

resource "aws_iam_role" "parse_command_role" {
name = "parse_command_role"
name = "${var.app_name}-parse_command_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role_policy" "start_state_machine" {
name = "start_state_machine"
name = "${var.app_name}-start_state_machine"
role = aws_iam_role.parse_command_role.id

policy = jsonencode({
Expand All @@ -34,7 +34,7 @@ resource "aws_iam_role_policy" "start_state_machine" {
}

resource "aws_iam_policy" "access_dynamodb" {
name = "access_dynamodb"
name = "${var.app_name}-access_dynamodb"
description = "Access required commands on specific DynamoDB tables"

policy = jsonencode({
Expand All @@ -61,7 +61,7 @@ resource "aws_iam_policy" "access_dynamodb" {
}

resource "aws_iam_policy" "access_s3" {
name = "access_s3"
name = "${var.app_name}-access_s3"
description = "Access required commands on specific S3 buckets"

policy = jsonencode({
Expand All @@ -86,49 +86,49 @@ resource "aws_iam_policy" "access_s3" {
}

resource "aws_iam_role" "get_map_role" {
name = "get_map_role"
name = "${var.app_name}-get_map_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role" "create_map_role" {
name = "create_map_role"
name = "${var.app_name}-create_map_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role" "delete_map_role" {
name = "delete_map_role"
name = "${var.app_name}-delete_map_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role" "add_token_role" {
name = "add_token_role"
name = "${var.app_name}-add_token_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role" "move_delete_token_role" {
name = "move_delete_token_role"
name = "${var.app_name}-move_delete_token_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role" "send_response_role" {
name = "send_response_role"
name = "${var.app_name}-send_response_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role" "janitor_role" {
name = "janitor_role"
name = "${var.app_name}-janitor_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_policy_attachment" "dynamodb_attach" {
name = "dynamodb-attachment"
name = "${var.app_name}-dynamodb-attachment"
roles = [
aws_iam_role.get_map_role.name,
aws_iam_role.create_map_role.name,
Expand All @@ -141,7 +141,7 @@ resource "aws_iam_policy_attachment" "dynamodb_attach" {
}

resource "aws_iam_policy_attachment" "s3_attach" {
name = "s3-attachment"
name = "${var.app_name}-s3-attachment"
roles = [
aws_iam_role.create_map_role.name,
aws_iam_role.delete_map_role.name,
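Review bot: This file repeats packages/terraform/development/iam.tf line for line, so after this commit the only thing separating the development and production roles in a shared account is the value each root module supplies for `var.app_name`; if both are fed the same value, the name collision the commit appears to be addressing returns, and the two states then contend for the same role and policy names. Making the environment part of the name in code rather than in tfvars — for example a new variable used as `name = "${var.app_name}-${var.environment}-parse_command_role"`, or a per-root `locals` prefix — makes the uniqueness structural. Moving the shared role and policy definitions into one module called from both roots would also remove the duplicated maintenance and the risk of the two copies drifting apart. The `aws_iam_policy_attachment` and name-length notes on the development file apply here unchanged.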
2 changes: 1 addition & 1 deletion packages/terraform/user/main.tf
Expand Up @@ -45,7 +45,7 @@ resource "aws_iam_user_policy" "s3backend" {
"s3:DeleteObject"
]
Effect = "Allow"
Resource = "${aws_s3_bucket.backend.arn}/terraform.tfstate"
Resource = "${aws_s3_bucket.backend.arn}/*.tfstate"
},
]
})
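Review bot: Widening the `Resource` on the new side from the single `terraform.tfstate` key to `${aws_s3_bucket.backend.arn}/*.tfstate` gives the `s3backend` user `s3:DeleteObject` (listed in the same statement) and the other actions on every state object in the bucket — `*` in an IAM resource ARN matches across `/`, so this reaches state files under any prefix, presumably including production state if it is kept in this bucket. If the motivation is S3-backend workspaces, their key layout is `<workspace_key_prefix>/<workspace>/<key>` with the default prefix `env:`, so two entries, `"${aws_s3_bucket.backend.arn}/terraform.tfstate"` and `"${aws_s3_bucket.backend.arn}/env:/*/terraform.tfstate"`, grant what workspaces need without covering unrelated keys. Whether this principal needs `s3:DeleteObject` at all is worth confirming, since as far as I recall the backend only deletes a state object when a workspace is deleted. Versioning on `aws_s3_bucket.backend` is not visible in this hunk; if it is not enabled, it is the control that makes a deleted or overwritten state file recoverable. The `aws_iam_user_policy` resource begins outside the hunk.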
