ci: add rds iam permissions for the ci/cd user
nkordis committed May 29, 2024
1 parent f44ae9d commit 2b66bf3
Showing 1 changed file with 32 additions and 0 deletions.
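--- a/infra/setup/iam.tf
+++ b/infra/setup/iam.tf
@@ -150,3 +150,35 @@ resource "aws_iam_user_policy_attachment" "ec2" {
 user = aws_iam_user.cd.name
 policy_arn = aws_iam_policy.ec2.arn
 }
+
+#########################
+# Policy for RDS access #
+#########################
+
+data "aws_iam_policy_document" "rds" {
+statement {
+effect = "Allow"
+actions = [
+"rds:DescribeDBSubnetGroups",
+"rds:DescribeDBInstances",
+"rds:CreateDBSubnetGroup",
+"rds:DeleteDBSubnetGroup",
+"rds:CreateDBInstance",
+"rds:DeleteDBInstance",
+"rds:ListTagsForResource",
+"rds:ModifyDBInstance"
+]
+resources = ["*"]
+}
+}
+
+resource "aws_iam_policy" "rds" {
+name = "${aws_iam_user.cd.name}-rds"
+description = "Allow user to manage RDS resources."
+policy = data.aws_iam_policy_document.rds.json
+}
+
+resource "aws_iam_user_policy_attachment" "rds" {
+user = aws_iam_user.cd.name
+policy_arn = aws_iam_policy.rds.arn
+}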
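Review bot: The single statement in `data "aws_iam_policy_document" "rds"` grants `rds:DeleteDBInstance`, `rds:ModifyDBInstance` and `rds:DeleteDBSubnetGroup` on `resources = ["*"]`, so a leaked CI/CD access key could delete or reconfigure every database in the account, not only the ones this project deploys. I would split the statement so the read-only actions keep `"*"` and the mutating actions are limited to ARNs under the project's naming prefix, or to a condition on a project tag. The prefix below is a placeholder. `rds:CreateDBInstance` may also be authorised against the parameter and option groups it references, so confirm the ARN list with a plan/apply in a test account. A short comment above the policy saying which pipeline step needs each mutating action would help later reviews of this long-lived user's permissions.

```hcl
data "aws_iam_policy_document" "rds" {
  # Read-only calls Terraform makes while refreshing state.
  statement {
    effect = "Allow"
    actions = [
      "rds:DescribeDBSubnetGroups",
      "rds:DescribeDBInstances",
      "rds:ListTagsForResource"
    ]
    resources = ["*"]
  }

  # Mutating calls, limited to this project's resources.
  # <PROJECT_PREFIX> is a placeholder for the deployment's naming prefix.
  statement {
    effect = "Allow"
    actions = [
      "rds:CreateDBSubnetGroup",
      "rds:DeleteDBSubnetGroup",
      "rds:CreateDBInstance",
      "rds:DeleteDBInstance",
      "rds:ModifyDBInstance"
    ]
    resources = [
      "arn:aws:rds:*:*:db:<PROJECT_PREFIX>-*",
      "arn:aws:rds:*:*:subgrp:<PROJECT_PREFIX>-*"
    ]
  }
}
```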
