# ---------------------------
# IAM policy
# ---------------------------
# Purpose: let operators reach the CMDB EC2 instances through SSM Session
# Manager instead of an inbound SSH/RDP port. This file only builds the
# instance role and profile; the EC2 instance itself, Session Manager
# session logging and IMDSv2 enforcement are not configured here.
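# Trust (assume-role) policy: only the EC2 service principal may assume the
# role, so it can be used solely through an instance profile.
# NOTE(review): any principal holding iam:PassRole on this role together with
# ec2:RunInstances can obtain the role's credentials by launching an instance
# with it — scope iam:PassRole to this role's ARN in operator policies.
# No additional condition keys are applied to the trust statement here.
data "aws_iam_policy_document" "cmdb_assume_role_for_ec2" {
  statement {
    sid     = "AllowEC2ServiceToAssumeRole"
    effect  = "Allow" # Allow is the default; stated explicitly so it is visible in review
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}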
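# Look up the AWS-managed policy required by the SSM agent (ssmmessages /
# ec2messages channels, instance information, inventory). This is the
# narrowest AWS-managed policy for Session Manager; do not swap it for
# AmazonSSMFullAccess.
# NOTE(review): the managed policy also grants ssm:GetParameter and
# ssm:GetParameters on "*", so the instance can read any plaintext String
# parameter in the account (SecureString additionally needs kms:Decrypt, which
# this policy does not grant). Confirm against the current policy version and,
# if that is too broad for the CMDB host, replace it with a customer-managed
# copy that scopes the parameter actions. Resolving by name rather than ARN is
# kept for partition portability (aws / aws-cn / aws-us-gov).
data "aws_iam_policy" "cmdb_ssm_core" {
  name = "AmazonSSMManagedInstanceCore"
}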
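# Instance role for the CMDB EC2 hosts. Its trust policy admits only the EC2
# service, and the only permissions attached elsewhere in this file are the
# SSM core permissions, so the role carries no application-level rights.
# NOTE(review): the role's credentials are served to the instance via the
# instance metadata service; require IMDSv2 (metadata_options.http_tokens =
# "required") on the EC2 resource so an SSRF on the host cannot fetch them
# with a plain GET. That setting lives on the instance, not in this file.
resource "aws_iam_role" "cmdb_ssm_role" {
  name               = "cmdb-ssm-role"
  description        = "Instance role for CMDB EC2 hosts: SSM agent / Session Manager access only"
  assume_role_policy = data.aws_iam_policy_document.cmdb_assume_role_for_ec2.json
}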
# Bind the SSM core permissions to the instance role. A separate attachment
# resource (rather than managed_policy_arns on the role) keeps the set of
# attached policies explicit and reviewable one resource at a time.
resource "aws_iam_role_policy_attachment" "cmdb_ssm_policy_attachment" {
  policy_arn = data.aws_iam_policy.cmdb_ssm_core.arn
  role       = aws_iam_role.cmdb_ssm_role.name
}
# Instance profile wrapping the SSM role; this is what the EC2 instance
# references (iam_instance_profile) to receive the role's credentials.
resource "aws_iam_instance_profile" "cmdb_ssm_instance_profile" {
  role = aws_iam_role.cmdb_ssm_role.name
  name = "cmdb-ssm-instance-profile"
}