iam_policy_vpc.tf
# ---------------------------------------------------------------------------------------------------------------------
# Create and attach the IAM policy a Lambda function needs when it is optionally placed in a VPC: the Lambda
# execution role requires permissions to create and delete network interfaces.
# Provider Docs: https://www.terraform.io/docs/providers/aws/r/iam_policy.html
# Data Docs: https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html
# Other docs: https://ao.gl/the-provided-execution-role-does-not-have-permissions-to-call-createnetworkinterface-on-ec2/
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_iam_policy" "vpc" {
  # Only materialise the ENI policy when the Lambda is actually configured for a VPC;
  # with count = 0 no policy exists in the account, so nothing can be attached by mistake.
  count = var.vpc_config == null ? 0 : 1

  name   = var.vpc_policy_name
  # The statement list lives in data.aws_iam_policy_document.vpc (same file).
  policy = data.aws_iam_policy_document.vpc.json
}
data "aws_iam_policy_document" "vpc" {
  # Permissions the Lambda execution role needs to manage the ENIs that
  # back a VPC-attached function.
  statement {
    effect = "Allow"

    actions = [
      "ec2:DescribeNetworkInterfaces",
      "ec2:CreateNetworkInterface",
      # NOTE(review): ec2:AttachNetworkInterface is not part of AWS's managed
      # AWSLambdaVPCAccessExecutionRole policy; on resource "*" it allows
      # attaching any ENI in the account to any instance. Confirm this role
      # genuinely needs it before keeping it.
      "ec2:AttachNetworkInterface",
      "ec2:DeleteNetworkInterface",
    ]

    # ec2:Describe* actions do not support resource-level permissions, so "*"
    # is unavoidable for DescribeNetworkInterfaces. The Create/Attach/Delete
    # actions do accept resource ARNs and conditions (e.g. ec2:Subnet, ec2:Vpc);
    # if the account's blast radius matters, consider a second statement scoped
    # to the function's VPC — TODO verify against current Lambda VPC docs before
    # tightening, since Lambda creates the ENIs on the role's behalf.
    resources = [
      "*",
    ]
  }
}
resource "aws_iam_role_policy_attachment" "vpc" {
  # Mirrors the count on aws_iam_policy.vpc so the attachment exists exactly
  # when the policy does; the [0] index below is only valid under that guard.
  count = var.vpc_config == null ? 0 : 1

  # aws_iam_role.this is the Lambda execution role, declared elsewhere in the module.
  role       = aws_iam_role.this.name
  policy_arn = aws_iam_policy.vpc[0].arn
}