# Read-only EC2/VPC visibility for the GitHub access role.
# Every action granted below is a Describe* call: this document allows
# enumeration only, never creation, modification or deletion.
#
# Security notes for reviewers:
#   - ec2:Describe* actions do not support resource-level permissions, so
#     `resources = ["*"]` is required here and cannot be narrowed to an ARN.
#     If a tighter blast radius is wanted, the only lever is a condition key
#     (e.g. aws:RequestedRegion) — confirm against the current EC2 action
#     table before relying on that.
#   - Although read-only, these calls expose the account's network topology
#     (subnets, route tables, security group rules, ENIs, transit gateway
#     attachments, peering). Treat the output as sensitive and keep the
#     resulting policy attached only to identities that need it.
data "aws_iam_policy_document" "vpc_for_github" {
  statement {
    sid    = "AllowListDescribe"
    effect = "Allow"
    actions = [
      "ec2:DescribeAccountAttributes",
      "ec2:DescribeAddresses",
      "ec2:DescribeAvailabilityZones",
      "ec2:DescribeDhcpOptions",
      "ec2:DescribeNatGateways",
      "ec2:DescribeNetworkAcls",
      "ec2:DescribeNetworkInterfaces",
      "ec2:DescribeRouteTables",
      "ec2:DescribeSecurityGroups",
      "ec2:DescribeSecurityGroupRules",
      "ec2:DescribeSubnets",
      "ec2:DescribeTags",
      "ec2:DescribeTransitGateways",
      "ec2:DescribeTransitGatewayVpcAttachments",
      "ec2:DescribeTransitGatewayRouteTables",
      "ec2:DescribeVpcPeeringConnections",
      "ec2:DescribeVpcAttribute",
      "ec2:DescribeVpcs"
    ]
    # "*" is mandatory for Describe* (no resource-level scoping) — see header note.
    resources = ["*"]
  }
}
# Customer-managed IAM policy wrapping the Describe-only document above, so the
# same read-only grant can be attached to (or detached from) roles independently.
resource "aws_iam_policy" "vpc_for_github" {
  name = "vpc-for-github"

  # The JSON is rendered from the data source; change the statement there,
  # not inline here, so the policy stays reviewable as HCL.
  policy = data.aws_iam_policy_document.vpc_for_github.json

  # NOTE(review): `description` is intentionally absent. In the AWS provider a
  # later change to description forces replacement of the policy — confirm
  # before adding one, since replacement briefly detaches it from the role.
  tags = {
    GithubTeam = "webops"
  }
}
# Attach the read-only VPC policy to the GitHub access role.
# aws_iam_role.github_access is declared elsewhere in this configuration.
# This attachment is non-exclusive: it adds one managed policy to the role and
# leaves any other attachments on that role untouched, so the role's effective
# permissions are the union of everything attached to it, not just this policy.
resource "aws_iam_role_policy_attachment" "vpc_for_github" {
  policy_arn = aws_iam_policy.vpc_for_github.arn
  role       = aws_iam_role.github_access.name
}