From 61149888de7095ceab8cab4fd0e2711c85295177 Mon Sep 17 00:00:00 2001
From: dsk-minchulahn
Date: Fri, 26 Jan 2024 17:20:37 +0900
Subject: [PATCH] =?UTF-8?q?Terraform=20-=20IAM=20-=20Role,=20Policies=20?=
 =?UTF-8?q?=EA=B5=AC=EC=84=B1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
terraform/iam/policies/.terraform.lock.hcl | 25 ++++++++++++++++++++
terraform/iam/policies/main.tf | 7 ++++++
terraform/iam/policies/modules/policies.tf | 27 ++++++++++++++++++++++
terraform/iam/policies/variables.tf | 3 +++
terraform/iam/policies/version.tf | 8 +++++++
terraform/iam/roles/.terraform.lock.hcl | 25 ++++++++++++++++++++
terraform/iam/roles/main.tf | 7 ++++++
terraform/iam/roles/modules/roles.tf | 24 +++++++++++++++++++
terraform/iam/roles/modules/variables.tf | 4 ++++
terraform/iam/roles/variables.tf | 3 +++
terraform/iam/roles/version.tf | 8 +++++++
11 files changed, 141 insertions(+)
create mode 100644 terraform/iam/policies/.terraform.lock.hcl
create mode 100644 terraform/iam/policies/main.tf
create mode 100644 terraform/iam/policies/modules/policies.tf
create mode 100644 terraform/iam/policies/variables.tf
create mode 100644 terraform/iam/policies/version.tf
create mode 100644 terraform/iam/roles/.terraform.lock.hcl
create mode 100644 terraform/iam/roles/main.tf
create mode 100644 terraform/iam/roles/modules/roles.tf
create mode 100644 terraform/iam/roles/modules/variables.tf
create mode 100644 terraform/iam/roles/variables.tf
create mode 100644 terraform/iam/roles/version.tf

diff --git a/terraform/iam/policies/.terraform.lock.hcl b/terraform/iam/policies/.terraform.lock.hcl
new file mode 100644
index 0000000..cf00880
--- /dev/null
+++ b/terraform/iam/policies/.terraform.lock.hcl
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.34.0" + constraints = "~> 5.0" + hashes = [ + "h1:Tbq6dKE+XyXmkup6+7eQj2vH+eCJipk8R3VXhebVYi4=", + "zh:01bb20ae12b8c66f0cacec4f417a5d6741f018009f3a66077008e67cce127aa4", + "zh:3b0c9bdbbf846beef2c9573fc27898ceb71b69cf9d2f4b1dd2d0c2b539eab114", + "zh:5226ecb9c21c2f6fbf1d662ac82459ffcd4ad058a9ea9c6200750a21a80ca009", + "zh:6021b905d9b3cd3d7892eb04d405c6fa20112718de1d6ef7b9f1db0b0c97721a", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9e61b8e0ccf923979cd2dc1f1140dbcb02f92248578e10c1996f560b6306317c", + "zh:ad6bf62cdcf531f2f92f6416822918b7ba2af298e4a0065c6baf44991fda982d", + "zh:b698b041ef38837753bbe5265dddbc70b76e8b8b34c5c10876e6aab0eb5eaf63", + "zh:bb799843c534f6a3f072a99d93a3b53ff97c58a96742be15518adf8127706784", + "zh:cebee0d942c37cd3b21e9050457cceb26d0a6ea886b855dab64bb67d78f863d1", + "zh:e061fdd1cb99e7c81fb4485b41ae000c6792d38f73f9f50aed0d3d5c2ce6dcfb", + "zh:eeb4943f82734946362696928336357cd1d36164907ae5905da0316a67e275e1", + "zh:ef09b6ad475efa9300327a30cbbe4373d817261c8e41e5b7391750b16ef4547d", + "zh:f01aab3881cd90b3f56da7c2a75f83da37fd03cc615fc5600a44056a7e0f9af7", + "zh:fcd0f724ebc4b56a499eb6c0fc602de609af18a0d578befa2f7a8df155c55550", + ] +} diff --git a/terraform/iam/policies/main.tf b/terraform/iam/policies/main.tf new file mode 100644 index 0000000..3164532 --- /dev/null +++ b/terraform/iam/policies/main.tf @@ -0,0 +1,7 @@ +provider "aws" { + region = var.aws_region +} + +module "policies" { + source = "./modules" +} diff --git a/terraform/iam/policies/modules/policies.tf b/terraform/iam/policies/modules/policies.tf new file mode 100644 index 0000000..219e30a --- /dev/null +++ b/terraform/iam/policies/modules/policies.tf 
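Review bot: `module "policies"` in `policies/main.tf` is consumed as a black box: neither the module nor this root exports the policy ARN, which is why the roles stack ends up hard-coding it with an account ID in `roles/modules/variables.tf`. Add `output "policy_arn" { value = aws_iam_policy.policy.arn }` to `modules/policies.tf` and `output "policy_arn" { value = module.policies.policy_arn }` here, so the roles stack can consume the ARN from this stack's state (or from a wrapper) instead of a literal. The `provider "aws"` block sets only `region`; given that the two stacks must be applied to the same account, `allowed_account_ids` is worth adding so an apply with the wrong credentials is refused before any IAM change is planned.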
@@ -0,0 +1,27 @@
+resource "aws_iam_policy" "policy" {
+ name = "DSK_LambdaExecute"
+ path = "/"
+
+ policy = jsonencode({
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ],
+ "Resource": "arn:aws:logs:*:*:*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:Start*",
+ "ec2:Stop*"
+ ],
+ "Resource": "*"
+ }
+ ]
+ })
+}
\ No newline at end of file
diff --git a/terraform/iam/policies/variables.tf b/terraform/iam/policies/variables.tf
new file mode 100644
index 0000000..450cabe
--- /dev/null
+++ b/terraform/iam/policies/variables.tf
@@ -0,0 +1,3 @@
+variable "aws_region" {
+ default = "ap-northeast-2"
+}
\ No newline at end of file
diff --git a/terraform/iam/policies/version.tf b/terraform/iam/policies/version.tf
new file mode 100644
index 0000000..3f773c6
--- /dev/null
+++ b/terraform/iam/policies/version.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/iam/roles/.terraform.lock.hcl b/terraform/iam/roles/.terraform.lock.hcl
new file mode 100644
index 0000000..cf00880
--- /dev/null
+++ b/terraform/iam/roles/.terraform.lock.hcl
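Review bot: The second statement of `aws_iam_policy.policy` grants `ec2:Start*` and `ec2:Stop*` on `"Resource": "*"`, so any function holding this role can start or stop every instance in the account, and the wildcards also match any other EC2 action whose name begins with Start or Stop, including ones added later, not just the instance operations the name `DSK_LambdaExecute` suggests. Name the actions explicitly and scope the resource, e.g. `"Action": ["ec2:StartInstances", "ec2:StopInstances"],` with `"Resource": "arn:aws:ec2:*:*:instance/*"`, and consider a `Condition` on `aws:ResourceTag/<key>` so only deliberately tagged instances are in scope. The logs statement can likewise be narrowed from `arn:aws:logs:*:*:*` to the function's own log group once its name is fixed. A `description` on the policy resource would also record why these permissions exist, which the wildcard form currently leaves to guesswork.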
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.34.0" + constraints = "~> 5.0" + hashes = [ + "h1:Tbq6dKE+XyXmkup6+7eQj2vH+eCJipk8R3VXhebVYi4=", + "zh:01bb20ae12b8c66f0cacec4f417a5d6741f018009f3a66077008e67cce127aa4", + "zh:3b0c9bdbbf846beef2c9573fc27898ceb71b69cf9d2f4b1dd2d0c2b539eab114", + "zh:5226ecb9c21c2f6fbf1d662ac82459ffcd4ad058a9ea9c6200750a21a80ca009", + "zh:6021b905d9b3cd3d7892eb04d405c6fa20112718de1d6ef7b9f1db0b0c97721a", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9e61b8e0ccf923979cd2dc1f1140dbcb02f92248578e10c1996f560b6306317c", + "zh:ad6bf62cdcf531f2f92f6416822918b7ba2af298e4a0065c6baf44991fda982d", + "zh:b698b041ef38837753bbe5265dddbc70b76e8b8b34c5c10876e6aab0eb5eaf63", + "zh:bb799843c534f6a3f072a99d93a3b53ff97c58a96742be15518adf8127706784", + "zh:cebee0d942c37cd3b21e9050457cceb26d0a6ea886b855dab64bb67d78f863d1", + "zh:e061fdd1cb99e7c81fb4485b41ae000c6792d38f73f9f50aed0d3d5c2ce6dcfb", + "zh:eeb4943f82734946362696928336357cd1d36164907ae5905da0316a67e275e1", + "zh:ef09b6ad475efa9300327a30cbbe4373d817261c8e41e5b7391750b16ef4547d", + "zh:f01aab3881cd90b3f56da7c2a75f83da37fd03cc615fc5600a44056a7e0f9af7", + "zh:fcd0f724ebc4b56a499eb6c0fc602de609af18a0d578befa2f7a8df155c55550", + ] +} diff --git a/terraform/iam/roles/main.tf b/terraform/iam/roles/main.tf new file mode 100644 index 0000000..6d75916 --- /dev/null +++ b/terraform/iam/roles/main.tf @@ -0,0 +1,7 @@ +provider "aws" { + region = var.aws_region +} + +module "roles" { + source = "./modules" +} diff --git a/terraform/iam/roles/modules/roles.tf b/terraform/iam/roles/modules/roles.tf new file mode 100644 index 0000000..8dd3987 --- /dev/null +++ b/terraform/iam/roles/modules/roles.tf 
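Review bot: The `provider "aws"` block in `roles/main.tf` pins only `region`, yet this stack attaches a policy ARN whose default embeds account `508259851457` (see `roles/modules/variables.tf`), so running it with credentials for any other account will fail at apply time at best and silently depends on the policies stack having been applied to that exact account. Add `allowed_account_ids = ["508259851457"]` to the provider block so Terraform refuses to plan in the wrong account. If the ARN is later derived from `aws_caller_identity` instead of a literal, the guard still costs nothing and protects every IAM change in this root.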
@@ -0,0 +1,24 @@
+data "aws_iam_policy_document" "assume_role" {
+ statement {
+ effect = "Allow"
+ principals {
+ type = "Service"
+ identifiers = ["lambda.amazonaws.com"]
+ }
+ actions = ["sts:AssumeRole"]
+ }
+}
+
+resource "aws_iam_role" "role" {
+ name = "DSK_Lambda_Role"
+ assume_role_policy = data.aws_iam_policy_document.assume_role.json
+
+ tags = {
+ Name = "dsk-lambda-role"
+ }
+}
+
+resource "aws_iam_role_policy_attachment" "role_policy_attach" {
+ role = aws_iam_role.role.name
+ policy_arn = var.DSK_LambdaExecute
+}
\ No newline at end of file
diff --git a/terraform/iam/roles/modules/variables.tf b/terraform/iam/roles/modules/variables.tf
new file mode 100644
index 0000000..3945202
--- /dev/null
+++ b/terraform/iam/roles/modules/variables.tf
@@ -0,0 +1,4 @@
+variable "DSK_LambdaExecute" {
+ type = string
+ default = "arn:aws:iam::508259851457:policy/DSK_LambdaExecute"
+}
\ No newline at end of file
diff --git a/terraform/iam/roles/variables.tf b/terraform/iam/roles/variables.tf
new file mode 100644
index 0000000..450cabe
--- /dev/null
+++ b/terraform/iam/roles/variables.tf
@@ -0,0 +1,3 @@
+variable "aws_region" {
+ default = "ap-northeast-2"
+}
\ No newline at end of file
diff --git a/terraform/iam/roles/version.tf b/terraform/iam/roles/version.tf
new file mode 100644
index 0000000..3f773c6
--- /dev/null
+++ b/terraform/iam/roles/version.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+}
\ No newline at end of file
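Review bot: `aws_iam_role_policy_attachment.role_policy_attach` takes `policy_arn` from `var.DSK_LambdaExecute`, whose default in `modules/variables.tf` hard-codes account `508259851457` and assumes the policies stack has already been applied there; nothing in Terraform expresses that dependency, so the ordering and the account are enforced only by convention and the attachment breaks the moment this module is reused elsewhere. Derive the ARN from the current account with `data "aws_caller_identity"` and turn the variable into an optional override (`default = null` in `modules/variables.tf`), as sketched below; better still, read the ARN from the policies stack's state or merge the two stacks so the attachment references `aws_iam_policy.policy.arn` directly. The trust policy limited to `lambda.amazonaws.com` is right; consider also adding an `aws:SourceAccount` condition to the `assume_role` statement so only functions in this account can assume the role.

```hcl
data "aws_caller_identity" "current" {}

# … unchanged: assume_role policy document and aws_iam_role.role …

resource "aws_iam_role_policy_attachment" "role_policy_attach" {
  role = aws_iam_role.role.name
  # Prefer an explicitly supplied ARN; otherwise resolve the policy in the
  # account the provider is actually authenticated to, not a literal account ID.
  policy_arn = coalesce(
    var.DSK_LambdaExecute,
    "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/DSK_LambdaExecute"
  )
}
```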