From 2b66bf3594849af78830304dd8b59ccdf10e00a7 Mon Sep 17 00:00:00 2001
From: nkordis
Date: Wed, 29 May 2024 15:43:54 +0200
Subject: [PATCH] ci: add rds iam permissions for the ci/cd user

---
 infra/setup/iam.tf | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/infra/setup/iam.tf b/infra/setup/iam.tf
index b6a67c6..0fdcbc4 100644
--- a/infra/setup/iam.tf
+++ b/infra/setup/iam.tf
@@ -150,3 +150,35 @@ resource "aws_iam_user_policy_attachment" "ec2" {
 user = aws_iam_user.cd.name
 policy_arn = aws_iam_policy.ec2.arn
 }
+
+#########################
+# Policy for RDS access #
+#########################
+
+data "aws_iam_policy_document" "rds" {
+ statement {
+ effect = "Allow"
+ actions = [
+ "rds:DescribeDBSubnetGroups",
+ "rds:DescribeDBInstances",
+ "rds:CreateDBSubnetGroup",
+ "rds:DeleteDBSubnetGroup",
+ "rds:CreateDBInstance",
+ "rds:DeleteDBInstance",
+ "rds:ListTagsForResource",
+ "rds:ModifyDBInstance"
+ ]
+ resources = ["*"]
+ }
+}
+
+resource "aws_iam_policy" "rds" {
+ name = "${aws_iam_user.cd.name}-rds"
+ description = "Allow user to manage RDS resources."
+ policy = data.aws_iam_policy_document.rds.json
+}
+
+resource "aws_iam_user_policy_attachment" "rds" {
+ user = aws_iam_user.cd.name
+ policy_arn = aws_iam_policy.rds.arn
+}
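Review bot: `resources = ["*"]` in the new `aws_iam_policy_document.rds` statement lets the CI/CD user create, modify and delete every RDS instance and subnet group in the account, not just the ones this project manages, and `rds:ModifyDBInstance` on an arbitrary instance includes changing its configuration and credentials. Since the user name is already known (`aws_iam_user.cd.name`), the mutating actions can be scoped to the project's own ARNs, e.g. `"arn:aws:rds:<REGION>:<ACCOUNT_ID>:db:<PROJECT_PREFIX>*"` and `"arn:aws:rds:<REGION>:<ACCOUNT_ID>:subgrp:<PROJECT_PREFIX>*"` (placeholders; region, account and naming prefix are not visible in this hunk), with the `Describe*`/`ListTagsForResource` actions kept in a separate `*`-scoped statement if they turn out not to honour those ARNs. Worth a comment above the statement stating which resources the policy is meant to cover and why broad scoping was accepted if it is kept, e.g. `# Scoped to project-prefixed DB instances and subnet groups; the Describe actions need "*".` Also note that if the managed `aws_db_instance`/subnet group carries tags, Terraform will likely also need `rds:AddTagsToResource` — confirm against a plan/apply run rather than adding it blindly.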