Use variable for MozDef logs policy ARN
Родитель
4659b88083
Коммит
fc4e6f54c4
|
@ -22,7 +22,7 @@ resource "aws_iam_role" "consul-role" {
|
||||||
|
|
||||||
resource "aws_iam_role_policy_attachment" "consul-access-policy" {
|
resource "aws_iam_role_policy_attachment" "consul-access-policy" {
|
||||||
role = "${aws_iam_role.consul-role.name}"
|
role = "${aws_iam_role.consul-role.name}"
|
||||||
policy_arn = "arn:aws:iam::484535289196:policy/SnsMozdefLogsFullAccess"
|
policy_arn = "${lookup(var.unmanaged_role_arns, "mozdef-logging")}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_instance_profile" "consul-profile" {
|
resource "aws_iam_instance_profile" "consul-profile" {
|
||||||
|
|
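Review bot: The `consul-access-policy` attachment binds a policy whose name ends in `FullAccess` and which this configuration does not manage, so nothing in the repository shows what the consul role is actually granted. The same applies to the `mozdef-sns-policy`, `jenkins-access-policy`, `mesos-master-host-mozdef-policy` and `vpn-access-policy` attachments in the other sections. I would add a comment above each `policy_arn` line, for example `# Unmanaged policy for MozDef logging; defined outside this repo, check its statements before attaching it to another role`, and confirm that the hosts which only send logs need everything the policy allows. The two-argument `lookup` has no fallback, so a missing `mozdef-logging` key should fail at plan time instead of silently attaching something else, and that is worth keeping. The file name for this section is not visible on the page.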
2
iam.tf
2
iam.tf
|
@ -393,5 +393,5 @@ resource "aws_iam_role" "mozdef-logs-role" {
|
||||||
|
|
||||||
resource "aws_iam_role_policy_attachment" "mozdef-sns-policy" {
|
resource "aws_iam_role_policy_attachment" "mozdef-sns-policy" {
|
||||||
role = "${aws_iam_role.mozdef-logs-role.name}"
|
role = "${aws_iam_role.mozdef-logs-role.name}"
|
||||||
policy_arn = "arn:aws:iam::484535289196:policy/SnsMozdefLogsFullAccess"
|
policy_arn = "${lookup(var.unmanaged_role_arns, "mozdef-logging")}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,7 +22,7 @@ resource "aws_iam_role" "jenkins-role" {
|
||||||
|
|
||||||
resource "aws_iam_role_policy_attachment" "jenkins-access-policy" {
|
resource "aws_iam_role_policy_attachment" "jenkins-access-policy" {
|
||||||
role = "${aws_iam_role.jenkins-role.name}"
|
role = "${aws_iam_role.jenkins-role.name}"
|
||||||
policy_arn = "arn:aws:iam::484535289196:policy/SnsMozdefLogsFullAccess"
|
policy_arn = "${lookup(var.unmanaged_role_arns, "mozdef-logging")}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_instance_profile" "jenkins-profile" {
|
resource "aws_iam_instance_profile" "jenkins-profile" {
|
||||||
|
|
|
@ -35,7 +35,7 @@ resource "aws_iam_role" "mesos-slave-host-role" {
|
||||||
|
|
||||||
resource "aws_iam_role_policy_attachment" "mesos-master-host-mozdef-policy" {
|
resource "aws_iam_role_policy_attachment" "mesos-master-host-mozdef-policy" {
|
||||||
role = "${aws_iam_role.mesos-master-host-role.name}"
|
role = "${aws_iam_role.mesos-master-host-role.name}"
|
||||||
policy_arn = "arn:aws:iam::484535289196:policy/SnsMozdefLogsFullAccess"
|
policy_arn = "${lookup(var.unmanaged_role_arns, "mozdef-logging")}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_instance_profile" "mesos-master-profile" {
|
resource "aws_iam_instance_profile" "mesos-master-profile" {
|
||||||
|
|
|
@ -51,3 +51,10 @@ variable "unmanaged_role_ids" {
|
||||||
InfosecSecurityAuditRole = "AROAJHELZZZIXWALL3AVS"
|
InfosecSecurityAuditRole = "AROAJHELZZZIXWALL3AVS"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "unmanaged_role_arns" {
|
||||||
|
type = "map"
|
||||||
|
default = {
|
||||||
|
mozdef-logging = "arn:aws:iam::484535289196:policy/SnsMozdefLogsFullAccess"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
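Review bot: The new map is named `unmanaged_role_arns`, but its only entry is a policy ARN (`...:policy/SnsMozdefLogsFullAccess`), which is confusing next to `unmanaged_role_ids` above it, where the value shown is a role ID. A name such as `unmanaged_policy_arns` would describe the contents, together with a line like `description = "ARNs of IAM policies created outside this Terraform configuration"`. The default still embeds the account ID, so the value is now centralised but not parameterised. If this configuration is ever applied to a different account, the attachments would presumably need an override, and a comment on the default should say so. The `unmanaged_role_ids` block starts outside the hunk.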
2
vpn.tf
2
vpn.tf
|
@ -22,7 +22,7 @@ resource "aws_iam_role" "vpn-role" {
|
||||||
|
|
||||||
resource "aws_iam_role_policy_attachment" "vpn-access-policy" {
|
resource "aws_iam_role_policy_attachment" "vpn-access-policy" {
|
||||||
role = "${aws_iam_role.vpn-role.name}"
|
role = "${aws_iam_role.vpn-role.name}"
|
||||||
policy_arn = "arn:aws:iam::484535289196:policy/SnsMozdefLogsFullAccess"
|
policy_arn = "${lookup(var.unmanaged_role_arns, "mozdef-logging")}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_instance_profile" "vpn-profile" {
|
resource "aws_iam_instance_profile" "vpn-profile" {
|
||||||
|
|