Created
January 18, 2016 00:24
Main file for a module which creates both an IAM Role and IAM Instance Profile of a given name.
###
# Variables
###
# Input: the one name shared by the IAM Role and its IAM Instance Profile.
# No default is declared, so every caller of this module must pass a value.
# NOTE(review): nothing here validates the value. IAM restricts role names
# (64 characters, alphanumerics plus "+=,.@_-"), so an invalid name only
# surfaces as an API error at apply time.
variable "iam_role_name" {
  description = "The name of the IAM Role to create. An IAM Instance Profile of the same name will be automatically created for you, similarly to the AWS Console."
}
###
# Create IAM Role
#
# The assume_role_policy is identical for all IAM Roles intended
# to be assigned to EC2 instances. Therefore, we define it a
# single time here instead of duplicating it throughout the
# code base.
###
# IAM Role meant to be assumed by EC2 instances.
#
# The heredoc below is the role's trust policy: it decides WHO may call
# sts:AssumeRole, and the only principal allowed is the EC2 service
# (no account, user or wildcard principal). It grants no permissions on
# its own. This file attaches no permission policies to the role, so any
# access the role ends up with comes from policies attached elsewhere;
# review those for least privilege.
resource "aws_iam_role" "main" {
  name               = "${var.iam_role_name}"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}
###
# IAM Instance Profile
#
# See this GitHub comment for context on IAM Role vs IAM Instance Profile:
# https://github.com/hashicorp/terraform/issues/3851#issuecomment-171444541
###
# Instance profile that carries the role above. It is given the same name as
# the role, taken from the same input variable.
resource "aws_iam_instance_profile" "main" {
  name  = "${var.iam_role_name}"

  # Referencing the role resource (rather than repeating the variable) makes
  # Terraform create the role before the profile.
  # NOTE(review): `roles` is the list-valued argument; later AWS provider
  # releases replaced it with a single `role` argument, and an instance
  # profile can hold only one role. Confirm which form your provider
  # version expects before reusing this module.
  roles = ["${aws_iam_role.main.id}"]
}
###
# Module outputs
###
# Exposes the `id` attribute of the role created by this module so callers
# can attach permission policies to it.
# NOTE(review): for aws_iam_role the id is presumably the role name, not the
# ARN; confirm before using it where an ARN is required.
output "iam_role_id" {
  value = "${aws_iam_role.main.id}"
}

# Exposes the `id` attribute of the instance profile, for callers that
# launch EC2 instances with it.
output "iam_instance_profile_id" {
  value = "${aws_iam_instance_profile.main.id}"
}