provide access to the application to create schedules
ssickles committed Apr 12, 2024
1 parent 8dae157 commit 021efcf
Showing 1 changed file with 39 additions and 0 deletions.
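--- a/access.tf
+++ b/access.tf
@@ -0,0 +1,39 @@
+resource "aws_iam_role_policy_attachment" "scheduler-policy" {
+role = var.app_metadata["role_name"]
+policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceEventTargetRole"
+}
+
+resource "aws_iam_role_policy_attachment" "assume-scheduler" {
+role = var.app_metadata["role_name"]
+policy_arn = aws_iam_policy.assume-scheduler.arn
+}
+
+resource "aws_iam_policy" "assume-scheduler" {
+name = local.resource_name
+description = "Policy to enable the creation of schedules for batch jobs"
+policy = data.aws_iam_policy_document.assume-scheduler.json
+}
+
+data "aws_iam_policy_document" "assume-scheduler" {
+statement {
+effect = "Allow"
+
+principals {
+type = "Service"
+identifiers = ["scheduler.amazonaws.com"]
+}
+
+actions = ["sts:AssumeRole"]
+}
+
+statement {
+effect = "Allow"
+
+principals {
+type = "Service"
+identifiers = ["events.amazonaws.com"]
+}
+
+actions = ["sts:AssumeRole"]
+}
+}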
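Review bot: `data.aws_iam_policy_document.assume-scheduler` is shaped like a trust policy (both statements have `principals` blocks and no `resources`), yet it is rendered into `aws_iam_policy.assume-scheduler` and attached to the role as an identity policy. IAM does not accept a Principal element in identity-based policies, so this will most likely be rejected at apply, and even if accepted it would not let either service assume the role. If the goal is for `scheduler.amazonaws.com` and `events.amazonaws.com` to assume the role named by `var.app_metadata["role_name"]`, these statements belong in that role's `assume_role_policy` where the role is defined (not visible in this commit), preferably with a `condition` block on `aws:SourceAccount` so that only schedules in this account can use it. If the goal is the one in the commit title, the application creating schedules, the identity policy instead needs actions such as `scheduler:CreateSchedule` plus `iam:PassRole` on the target role, limited by `iam:PassedToService`, each with explicit `resources`. Please also confirm that attaching `AWSBatchServiceEventTargetRole` to the application's own role is intended, since that managed policy is written for the role an event target assumes and attaching it here widens what the application itself may do.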
