fix: remove user group, approved_arns is fine
Apollo-XIV committed Sep 25, 2024
1 parent 02aa41b commit 58ef8ff
Showing 3 changed files with 56 additions and 20 deletions.
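--- a/aws-s3-backend/assume_role.tf
+++ b/aws-s3-backend/assume_role.tf
@@ -21,23 +21,3 @@ resource "aws_iam_role_policy_attachment" "terraform_role_admin_access" {
 policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
 }
 
-# Create the IAM group
-resource "aws_iam_group" "infrastructure_user_group" {
-name = "${var.prefix}-iac-users"
-}
-
-# Attach the policy to allow group members to assume the role
-resource "aws_iam_group_policy" "infrastructure_user_policy" {
-group = aws_iam_group.infrastructure_user_group.name
-
-policy = jsonencode({
-Version = "2012-10-17",
-Statement = [
-{
-Effect = "Allow",
-Action = "sts:AssumeRole",
-Resource = aws_iam_role.iac_role.arn
-}
-]
-})
-}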
44 changes: 44 additions & 0 deletions aws-s3-backend/example/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

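--- a/aws-s3-backend/example/main.tf
+++ b/aws-s3-backend/example/main.tf
@@ -0,0 +1,12 @@
+
+module "s3_backend" {
+source = "../."
+prefix = "example"
+environments = [
+"dev"
+]
+
+approved_arns = [
+"arn:aws:iam::013948180024:user/desktop"
+]
+}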
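Review bot: The `approved_arns` entry in this example hard-codes what looks like a real account ID and IAM user name, and it approves an IAM user (long-lived credentials) rather than a role. Judging by the `assume_role.tf` context in this same commit, the role behind this list appears to carry `AdministratorAccess`. With the group removed, the list seems to be the only gate on who can assume it, although how the module consumes `approved_arns` is not visible here. I would replace the entry with a placeholder such as `"arn:aws:iam::123456789012:role/example-iac-operator"` (constructed value). I would also add a comment above the list: `# Principals allowed to assume the admin IaC role; keep this minimal and prefer role ARNs over IAM users.`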
