feat: add user group creation to s3 module

Apollo-XIV · Sep 25, 2024 · e458649 · e458649
1 parent 34fd29d
commit e458649
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/aws-s3-backend/assume_role.tf b/aws-s3-backend/assume_role.tf
@@ -21,3 +21,23 @@ resource "aws_iam_role_policy_attachment" "terraform_role_admin_access" {
   policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
 }
 
+# Create the IAM group
+resource "aws_iam_group" "infrastructure_user_group" {
+  name = "${var.prefix}-iac-users"
+}
+
+# Attach the policy to allow group members to assume the role
+resource "aws_iam_group_policy" "infrastructure_user_policy" {
+  group = aws_iam_group.infrastructure_user_group.name
+
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect   = "Allow",
+        Action   = "sts:AssumeRole",
+        Resource = aws_iam_role.iac_role.arn
+      }
+    ]
+  })
+}