# Policy document for the principal that reads and writes state.
# Judging by the names (states_bucket, lock, terraform), this looks like a
# Terraform S3 backend with DynamoDB locking and KMS encryption. Confirm
# against the backend configuration.
data "aws_iam_policy_document" "access_state" {
  # Bucket-level calls, scoped to the bucket ARN itself (no object suffix).
  statement {
    effect = "Allow"
    actions = [
      "s3:ListBucket",
      "s3:GetBucketVersioning",
    ]
    resources = [module.states_bucket.s3_bucket_arn]
  }

  # Object read/write on every key in the bucket ("/*").
  # s3:DeleteObject is not granted, so this policy cannot delete objects.
  # NOTE(review): if state lives under a single key prefix, the resource could
  # be narrowed to that prefix. Confirm the key layout first.
  statement {
    effect = "Allow"
    actions = [
      "s3:GetObject",
      "s3:PutObject",
    ]
    resources = ["${module.states_bucket.s3_bucket_arn}/*"]
  }

  # Item-level operations on the lock table only. No table management
  # actions (create/update/delete table) are included.
  statement {
    effect = "Allow"
    actions = [
      "dynamodb:GetItem",
      "dynamodb:PutItem",
      "dynamodb:DeleteItem",
      "dynamodb:DescribeTable",
    ]
    resources = [aws_dynamodb_table.lock.arn]
  }

  # kms:ListKeys does not support resource-level permissions, so "*" is the
  # only valid resource here. The wildcard is kept in its own statement so it
  # does not spread to the key-usage actions below.
  statement {
    effect    = "Allow"
    actions   = ["kms:ListKeys"]
    resources = ["*"]
  }

  # Cryptographic use of one key (aws_kms_key.this). Key administration
  # actions such as policy changes or deletion scheduling are not granted.
  statement {
    effect = "Allow"
    actions = [
      "kms:Encrypt",
      "kms:Decrypt",
      "kms:DescribeKey",
      "kms:GenerateDataKey",
    ]
    resources = [aws_kms_key.this.arn]
  }
}
# Managed IAM policy rendered from the access_state policy document.
# The name comes from local.terraform_iam_policy_name. Which principals this
# policy is attached to is not visible here, so review the attachments
# alongside this file.
resource "aws_iam_policy" "terraform" {
  name   = local.terraform_iam_policy_name
  policy = data.aws_iam_policy_document.access_state.json
}