Fixed incorrect understanding of Terraforms application of IAM policies

a0f19172 · Chris Merrett · 7ea5b6ed · a0f19172
Commit a0f19172 authored Jan 18, 2017 by Chris Merrett
Show whitespace changes
Inline Side-by-side

Showing with 27 additions and 8 deletions

main.tf main.tf +27 -8

No files found.
--- a/main.tf
+++ b/main.tf
@@ -34,7 +34,7 @@ variable "cloudwatch_schedule" {
 #############################################################################################################
 # IAM
 #############################################################################################################
-data "aws_iam_policy_document" "main" {
+data "aws_iam_policy_document" "policy" {
  statement {
    effect    = "Allow"
    actions   = [
@@ -70,9 +70,28 @@ data "aws_iam_policy_document" "main" {
  }
 }
+data "aws_iam_policy_document" "trust" {
+  statement {
+    effect  = "Allow"
+    principals {
+      type        = "Service"
+      identifiers = ["lambda.amazonaws.com"]
+    }
+    actions = [
+      "sts:AssumeRole",
+    ]
+  }
+}
+resource "aws_iam_role_policy" "main" {
+  name   = "lambda_ebs_snapshots"
+  role   = "${aws_iam_role.main.id}"
+  policy = "${data.aws_iam_policy_document.policy.json}"
+}
 resource "aws_iam_role" "main" {
  name               = "lambda_ebs_snapshots"
-  assume_role_policy = "${data.aws_iam_policy_document.main.json}"
+  assume_role_policy = "${data.aws_iam_policy_document.trust.json}"
 }
 #############################################################################################################