resource "aws_iam_role" "ecs-instance-role" { name = "ecs-instance-role" pat

1. resource "aws_iam_role" "ecs-instance-role" {
2. name = "ecs-instance-role"
3. path = "/"
4. assume_role_policy = "${data.aws_iam_policy_document.ecs-instance-policy.json}"
5. }
6.  
7.  
8.  
9. data "aws_iam_policy_document" "ecs-instance-policy" {
10. statement {
11. actions = ["sts:AssumeRole"]
12. principals {
13. type = "Service"
14. identifiers = ["ec2.amazonaws.com"]
15. }
16. }
17. }
18.  
19. resource "aws_iam_role_policy_attachment" "ecs-instance-role-attachment" {
20. role = "${aws_iam_role.ecs-instance-role.name}"
21. policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
22. }
23.  
24. resource "aws_iam_instance_profile" "ecs-instance-profile" {
25. name = "ecs-instance-profile"
26. path = "/"
27. role = "${aws_iam_role.ecs-instance-role.id}"
28. provisioner "local-exec" {
29. command = "sleep 60"
30. }
31. }
32.  
33. resource "aws_iam_role" "ecs-service-role" {
34. name = "ecs-service-role"
35. path = "/"
36. assume_role_policy = "${data.aws_iam_policy_document.ecs-service-policy.json}"
37. }
38.  
39. resource "aws_iam_role_policy_attachment" "ecs-service-role-attachment" {
40. role = "${aws_iam_role.ecs-service-role.name}"
41. policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"
42. }
43.  
44. data "aws_iam_policy_document" "ecs-service-policy" {
45. statement {
46. actions = ["sts:AssumeRole"]
47. principals {
48. type = "Service"
49. identifiers = ["ecs.amazonaws.com"]
50. }
51. }
52. }