@bstopp
Created July 4, 2018 19:22
AWS Assume Role Issue Examples
terraform {
  backend "s3" {
    # Bucket Configuration
    bucket = "bstopp"
    key    = "terraform/stopp.tfstate"
    region = "us-east-1"

    # AWS Security Access.
    profile      = "session_profile"
    session_name = "Terraform"

    // The role_arn needs to be passed on the command line:
    // terraform init -backend-config="role_arn=arn:aws:iam::<account id>:role/Terraform"
  }
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "S3BucketAccess",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::bstopp"
    },
    {
      "Sid": "S3StateAccess",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::bstopp/terraform/stopp.tfstate"
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<<account id>>:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "1"
        }
      }
    }
  ]
}