commit for working terraform modules

c4e967e0 · Danny · c67b5293 · c4e967e0
Commit c4e967e0 authored Feb 28, 2019 by Danny
Show whitespace changes
Inline Side-by-side

Showing with 68 additions and 1 deletion

iam.tf iam.tf +68 -1

No files found.
--- a/iam.tf
+++ b/iam.tf
@@ -22,7 +22,6 @@ data "aws_iam_policy_document" "ec2_assume" {
  }
 }

-# TODO: Convert JSON into datasource
 data "aws_iam_policy_document" "ingress" {
  statement {
    actions = [
@@ -32,29 +31,84 @@ data "aws_iam_policy_document" "ingress" {
    ]

    resources = ["*"]
+  }

+  statement {
    actions = [
      "ec2:AuthorizeSecurityGroupIngress",
      "ec2:CreateSecurityGroup",
      "ec2:CreateTags",
+      "ec2:DeleteTags",
      "ec2:DeleteSecurityGroup",
+      "ec2:DescribeAccountAttributes",
+      "ec2:DescribeAddresses",
      "ec2:DescribeInstances",
      "ec2:DescribeInstanceStatus",
+      "ec2:DescribeInternetGateways",
+      "ec2:DescribeNetworkInterfaces",
      "ec2:DescribeSecurityGroups",
      "ec2:DescribeSubnets",
      "ec2:DescribeTags",
      "ec2:DescribeVpcs",
      "ec2:ModifyInstanceAttribute",
+      "ec2:ModifyNetworkInterfaceAttribute",
      "ec2:RevokeSecurityGroupIngress",
    ]

    resources = ["*"]
+  }

+  statement {
    actions = [
+      "elasticloadbalancing:AddListenerCertificates",
+      "elasticloadbalancing:AddTags",
+      "elasticloadbalancing:CreateListener",
+      "elasticloadbalancing:CreateLoadBalancer",
+      "elasticloadbalancing:CreateRule",
+      "elasticloadbalancing:CreateTargetGroup",
+      "elasticloadbalancing:DeleteListener",
+      "elasticloadbalancing:DeleteLoadBalancer",
+      "elasticloadbalancing:DeleteRule",
+      "elasticloadbalancing:DeleteTargetGroup",
+      "elasticloadbalancing:DeregisterTargets",
+      "elasticloadbalancing:DescribeListenerCertificates",
+      "elasticloadbalancing:DescribeListeners",
+      "elasticloadbalancing:DescribeLoadBalancers",
+      "elasticloadbalancing:DescribeLoadBalancerAttributes",
+      "elasticloadbalancing:DescribeRules",
+      "elasticloadbalancing:DescribeSSLPolicies",
+      "elasticloadbalancing:DescribeTags",
+      "elasticloadbalancing:DescribeTargetGroups",
+      "elasticloadbalancing:DescribeTargetGroupAttributes",
+      "elasticloadbalancing:DescribeTargetHealth",
+      "elasticloadbalancing:ModifyListener",
+      "elasticloadbalancing:ModifyLoadBalancerAttributes",
+      "elasticloadbalancing:ModifyRule",
+      "elasticloadbalancing:ModifyTargetGroup",
+      "elasticloadbalancing:ModifyTargetGroupAttributes",
+      "elasticloadbalancing:RegisterTargets",
+      "elasticloadbalancing:RemoveListenerCertificates",
+      "elasticloadbalancing:RemoveTags",
+      "elasticloadbalancing:SetIpAddressType",
+      "elasticloadbalancing:SetSecurityGroups",
+      "elasticloadbalancing:SetSubnets",
+      "elasticloadbalancing:SetWebACL",
+    ]
+
+    resources = ["*"]
+  }
+
+  statement {
+    actions = [
+      "iam:CreateServiceLinkedRole",
      "iam:GetServerCertificate",
      "iam:ListServerCertificates",
    ]

+    resources = ["*"]
+  }
+
+  statement {
    actions = [
      "waf-regional:GetWebACLForResource",
      "waf-regional:GetWebACL",
@@ -62,6 +116,19 @@ data "aws_iam_policy_document" "ingress" {
      "waf-regional:DisassociateWebACL",
    ]

+    resources = ["*"]
+  }
+
+  statement {
+    actions = [
+      "tag:GetResources",
+      "tag:TagResources",
+    ]
+
+    resources = ["*"]
+  }
+
+  statement {
    actions = [
      "waf:GetWebACL",
    ]