EC2インスタンスに適用可能なIAMロール（信頼ポリシーと権限ポリシーのJSON）を、tfとは別のファイルで管理する。
公式のサンプルだとポリシーJSONをtfに直接書いているので、別ファイルに切り出す構成のメモ代わり。
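# IAM role that EC2 instances will assume via the instance profile below.
# The trust (assume-role) policy is kept in ./iam/assume.policy; that file is
# what decides WHO may assume the role, so keep its Principal limited to the
# ec2.amazonaws.com service principal.
resource "aws_iam_role" "front" {
  name = "front"

  # Anchor the path to this configuration's directory. A bare "./iam/..." is
  # resolved against the current working directory, which breaks when this
  # config is used as a module or applied from another directory.
  assume_role_policy = "${file("${path.module}/iam/assume.policy")}"
}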
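# Customer-managed policy holding the permissions granted to the "front" role.
# The actual permission statements live in ./iam/front_role.policy; review that
# file for least privilege (no wildcard Action/Resource unless intended).
resource "aws_iam_policy" "front" {
  name        = "front"
  path        = "/"
  description = "for front policy"

  # path.module keeps the file lookup relative to this configuration rather
  # than to the working directory (see aws_iam_role.front).
  policy = "${file("${path.module}/iam/front_role.policy")}"
}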
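# Attach the managed policy to the role.
#
# aws_iam_role_policy_attachment manages only this one role<->policy pairing.
# The aws_iam_policy_attachment resource used originally is *exclusive*: on
# every apply it detaches the policy from any role, user or group that is not
# listed in the resource, silently stripping permissions from principals that
# are managed elsewhere (other Terraform states, the console, etc.).
resource "aws_iam_role_policy_attachment" "front_role_attachment" {
  role       = "${aws_iam_role.front.name}"
  policy_arn = "${aws_iam_policy.front.arn}"
}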
# Instance profile that wraps the role so it can be assigned to an EC2
# instance / launch configuration (via iam_instance_profile). An instance
# profile carries exactly one role; the list here has a single element.
# NOTE(review): newer AWS provider versions deprecate the `roles` list in
# favour of a singular `role` argument — switch once the provider in use
# supports it.
resource "aws_iam_instance_profile" "front" {
  name  = "front"
  roles = ["${aws_iam_role.front.name}"]
}
./iam/assume.policy と ./iam/front_role.policy を置いて、aws_instance や aws_launch_configuration に次を追加すれば使えます。
実際に付与される権限はこの2つのJSONで決まるので、assume.policy の Principal は ec2.amazonaws.com に限定し、front_role.policy の Action / Resource はワイルドカード（"*"）を避けて必要最小限に絞っておくこと。
iam_instance_profile = "${aws_iam_instance_profile.front.id}"