Terraform - IAM user, role, policies 최신화

2024-01-30 17:46:36 +09:00
parent 886e60ab28
commit f3e9a26a95
11 changed files with 115 additions and 49 deletions
--- a/terraform/iam/policies/modules/lambda-execute.tf
+++ b/terraform/iam/policies/modules/lambda-execute.tf
@@ -0,0 +1,35 @@
+resource "aws_iam_policy" "lambda_execute_policy" {
+  name        = "DSK_LambdaExecute"
+  path        = "/"
+
+  policy = jsonencode({
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+        "Action": [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
+        ],
+        "Resource": "arn:aws:logs:*:*:*"
+      },
+      {
+        "Effect": "Allow",
+        "Action": [
+          "ec2:Start*",
+          "ec2:Stop*"
+        ],
+        "Resource": "*"
+      },
+      {
+        "Sid": "Invoke",
+        "Effect": "Allow",
+        "Action": [
+            "lambda:InvokeFunction"
+        ],
+        "Resource": "*"
+      }
+    ]
+  })
+}