mirror of
https://github.com/Hestia-Homes/Model.git
synced 2026-06-08 11:17:27 +00:00
37 lines
860 B
HCL
37 lines
860 B
HCL
data "aws_iam_policy_document" "assume" {
|
|
statement {
|
|
effect = "Allow"
|
|
principals {
|
|
type = "Service"
|
|
identifiers = ["lambda.amazonaws.com"]
|
|
}
|
|
actions = ["sts:AssumeRole"]
|
|
}
|
|
}
|
|
|
|
resource "aws_iam_role" "this" {
|
|
name = var.name
|
|
assume_role_policy = data.aws_iam_policy_document.assume.json
|
|
}
|
|
|
|
resource "aws_iam_role_policy_attachment" "basic_logs" {
|
|
role = aws_iam_role.this.name
|
|
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
|
|
}
|
|
|
|
resource "aws_iam_role_policy" "ecr_pull" {
|
|
role = aws_iam_role.this.name
|
|
|
|
policy = jsonencode({
|
|
Version = "2012-10-17"
|
|
Statement = [{
|
|
Effect = "Allow"
|
|
Action = [
|
|
"ecr:GetAuthorizationToken",
|
|
"ecr:BatchGetImage",
|
|
"ecr:GetDownloadUrlForLayer"
|
|
]
|
|
Resource = "*"
|
|
}]
|
|
})
|
|
}
|