dont need to assume role
ssickles committed Apr 12, 2024
1 parent a9702c5 commit 6b5bec1
Showing 1 changed file with 1 addition and 36 deletions.
37 changes: 1 addition & 36 deletions access.tf
Expand Up @@ -4,7 +4,7 @@ resource "aws_iam_role_policy_attachment" "batch-job-creation" {
}

resource "aws_iam_policy" "batch-job-creation" {
name = "${local.resource_name}-batch-job-creation"
name = local.resource_name
policy = data.aws_iam_policy_document.batch-job-creation.json
description = "Policy to enable the management and creation of batch jobs"
}
Expand All @@ -25,38 +25,3 @@ data "aws_iam_policy_document" "batch-job-creation" {
resources = ["*"]
}
}

resource "aws_iam_role_policy_attachment" "assume-scheduler" {
role = var.app_metadata["role_name"]
policy_arn = aws_iam_policy.assume-scheduler.arn
}

resource "aws_iam_policy" "assume-scheduler" {
name = "${local.resource_name}-assume-scheduler"
policy = data.aws_iam_policy_document.assume-scheduler.json
description = "Policy to allow assuming the scheduler and events roles"
}

data "aws_iam_policy_document" "assume-scheduler" {
statement {
effect = "Allow"

principals {
type = "Service"
identifiers = ["scheduler.amazonaws.com"]
}

actions = ["sts:AssumeRole"]
}

statement {
effect = "Allow"

principals {
type = "Service"
identifiers = ["events.amazonaws.com"]
}

actions = ["sts:AssumeRole"]
}
}
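Review bot: The statement kept in `data.aws_iam_policy_document.batch-job-creation` still grants on `resources = ["*"]`, and a commit that trims this role's access is a natural place to scope it. The statement's actions lie above the second hunk, so which of them support resource-level permissions cannot be judged from here; for those that do, the job queue and job definition ARNs would be tighter, and a comment such as `# "*" required: these actions do not support resource-level permissions` would document the rest. Separately, if `name = local.resource_name` is the new side of the first hunk, the policy loses its `-batch-job-creation` suffix. IAM policy names are unique per account, so it is worth confirming that nothing else is created under the bare `local.resource_name` and that replacing the policy on apply is acceptable.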
