Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ### New role creation
- ### Here assume_role_policy MUST be defined for the trust relationship
- resource "aws_iam_role" "codedeploy_service_role" {
- name = "CodeDeployServiceRole"
- assume_role_policy = <<EOF
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {
- "Service": "ec2.amazonaws.com"
- },
- "Effect": "Allow",
- "Sid": ""
- }
- ]
- }
- EOF
- }
- ### AWS policy ARN for existing service role
- data "aws_iam_policy" "codedeploy_service_policy" {
- arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole"
- }
- ### Policy attachment
- resource "aws_iam_role_policy_attachment" "codedeploy_service_role_policy_attach" {
- role = "${aws_iam_role.codedeploy_service_role.name}"
- policy_arn = "${data.aws_iam_policy.codedeploy_service_policy.arn}"
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement