Terraform a role

Why is this so hard?

Published: Thursday, Aug 25, 2022 Last modified: Tuesday, Nov 26, 2024

Assuming var.gitlab_runner_role_arn has sts.assumerole privileges.

resource "aws_iam_role" "gitlab_runner" {
  name               = "GitlabRunner"
  description        = "Gitlab role for read only access"
  assume_role_policy = data.aws_iam_policy_document.allow_central_access.json
}

resource "aws_iam_role_policy_attachment" "readonly" {
  role       = aws_iam_role.gitlab_runner.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

data "aws_iam_policy_document" "allow_central_access" {
  statement {
	sid     = "gitlabrunner"
	effect  = "Allow"
	actions = ["sts:AssumeRole"]
	principals {
	  identifiers = [var.gitlab_runner_role_arn]
	  type        = "AWS"
	}
  }
}