Terraform a role
Why is this so hard?
Published: Thursday, Aug 25, 2022 Last modified: Tuesday, Nov 26, 2024
Assuming var.gitlab_runner_role_arn has sts.assumerole privileges.
resource "aws_iam_role" "gitlab_runner" {
name = "GitlabRunner"
description = "Gitlab role for read only access"
assume_role_policy = data.aws_iam_policy_document.allow_central_access.json
}
resource "aws_iam_role_policy_attachment" "readonly" {
role = aws_iam_role.gitlab_runner.name
policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
data "aws_iam_policy_document" "allow_central_access" {
statement {
sid = "gitlabrunner"
effect = "Allow"
actions = ["sts:AssumeRole"]
principals {
identifiers = [var.gitlab_runner_role_arn]
type = "AWS"
}
}
}