--- /dev/null
+data "aws_iam_policy_document" "instance_trust" {
+ statement {
+ effect = "Allow"
+ actions = [
+ "sts:AssumeRole"
+ ]
+ principals {
+ type = "Service"
+ identifiers = [
+ "ec2.amazonaws.com"
+ ]
+ }
+ }
+}
+
+resource "aws_iam_role" "default" {
+ name = "${var.module}${length(var.stack) > 0 ? "-" : ""}${var.stack}-role"
+ assume_role_policy = "${data.aws_iam_policy_document.instance_trust.json}"
+}
+
+data "aws_iam_policy_document" "default" {
+ statement {
+ effect = "Allow"
+ actions = ["${var.iam_allow_actions}"]
+ resources = ["*"]
+ }
+}
+
+resource "aws_iam_policy" "default" {
+ name = "${var.module}${length(var.stack) > 0 ? "-" : ""}${var.stack}"
+ description = "specific policy for ${var.module}${length(var.stack) > 0 ? "-" : ""}${var.stack}"
+ policy = "${data.aws_iam_policy_document.default.json}"
+}
+
+resource "aws_iam_role_policy_attachment" "default" {
+ role = "${aws_iam_role.default.id}"
+ policy_arn = "${aws_iam_policy.default.arn}"
+}
+
+resource "aws_iam_role_policy_attachment" "extra" {
+ count = "${length(var.iam_policy_arns)}"
+ role = "${aws_iam_role.default.id}"
+ policy_arn = "${element(var.iam_policy_arns, count.index)}"
+}
+
+resource "aws_iam_instance_profile" "default" {
+ name = "${var.module}${length(var.stack) > 0 ? "-" : ""}${var.stack}-instance-profile"
+ role = "${aws_iam_role.default.name}"
+}
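Review bot: The `default` policy document pairs the caller-supplied `actions = ["${var.iam_allow_actions}"]` with `resources = ["*"]`, so every action a caller lists is granted account-wide to whatever runs under this instance profile. Consider taking the resource scope as a module input too, e.g. `resources = ["${var.iam_allow_resources}"]`, where `iam_allow_resources` is a proposed new list variable with no `"*"` default. The variable's description should say that actions which do not support resource-level permissions belong in a separate, narrowly listed statement. The variable declarations are outside this hunk, so it is not visible whether `iam_allow_actions` has a default; if it can be empty, the statement would presumably render without actions and be rejected by IAM, which is worth guarding. The same applies to `var.iam_policy_arns` in the `extra` attachment: a short comment stating that only reviewed, least-privilege managed policies should be passed there would help callers.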