1 data "aws_iam_policy_document" "instance_trust" {
16 resource "aws_iam_role" "management" {
17 name = "${var.management_service_name}-role"
18 assume_role_policy = "${data.aws_iam_policy_document.instance_trust.json}"
21 data "aws_iam_policy_document" "management" {
26 "cloudwatch:ListMetrics",
27 "cloudwatch:GetMetricStatistics",
28 "cloudwatch:Describe*",
30 "elasticloadbalancing:*",
32 "iam:GetServerCertificate",
33 "logs:DescribeLogStreams",
45 resources = [ "${aws_sqs_queue.management-events-queue.arn}" ]
52 resources = [ "${aws_sns_topic.management-events.arn}" ]
56 resource "aws_iam_policy" "management" {
57 name = "${var.management_service_name}"
58 description = "${var.management_service_name}"
60 policy = "${data.aws_iam_policy_document.management.json}"
63 resource "aws_iam_role_policy_attachment" "management" {
64 role = "${aws_iam_role.management.id}"
65 policy_arn = "${aws_iam_policy.management.arn}"
68 resource "aws_iam_instance_profile" "management" {
69 name = "${var.management_service_name}-instance-profile"
70 role = "${aws_iam_role.management.name}"