ecr: add s3 bucket and role policy for FVP job
for TFC-92. The summary of changes:
Create the S3 bucket for tuxtput
Create policy to access it, and attach it to existing ecr_push_pull role
Make an instance profile that gives the instances it is attached to access to the ecr_push_pull role
Change-Id: Iba6520b9d533ff92255deb3b7bea9d2c708d082e
diff --git a/ecr.tf b/ecr.tf
index ef959cf..7562ad3 100644
--- a/ecr.tf
+++ b/ecr.tf
@@ -54,3 +54,35 @@
EOF
}
+module "trustedfirmware_fvp_storage" {
+ source = "./modules/resources/s3"
+ bucket = "trustedfirmware-fvp"
+ acl = "private"
+}
+
+module "s3_fvp_policy" {
+ source = "./modules/resources/role_policy"
+ role_id = aws_iam_role.ecr_pushpull_role.id
+ policy_file = "templates/role_policy.tmpl"
+ actions = [
+ "s3:AbortMultipartUpload",
+ "s3:CompleteMultipartUpload",
+ "s3:ListBucket",
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:DeleteObject",
+ "s3:PutObjectAcl"
+ ]
+ resources = [
+ "arn:aws:s3:::trustedfirmware-fvp/*"
+ ]
+}
+
+
+module "jenkins_instance_profile" {
+ source = "./modules/resources/instance_profile"
+ name = "jenkins_instance_profile"
+ role_name = aws_iam_role.ecr_pushpull_role.name
+}
+
+
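Review bot: `s3:ListBucket` in the `s3_fvp_policy` actions is a bucket-level permission, but `resources` lists only the object ARN `arn:aws:s3:::trustedfirmware-fvp/*`, so listing will be denied unless `templates/role_policy.tmpl` (not visible here) adds the bucket ARN itself; add `"arn:aws:s3:::trustedfirmware-fvp"` to `resources`. As far as I know `s3:CompleteMultipartUpload` is not a distinct IAM action (completing an upload is authorized by `s3:PutObject`), so that entry can probably be dropped. `s3:PutObjectAcl` lets any holder of the role change object ACLs, which undercuts `acl = "private"` on the bucket unless the s3 module also enables Block Public Access; remove it if the FVP job does not need it. Because the policy is attached to the existing `ecr_pushpull_role` and that role is then exposed through `jenkins_instance_profile`, every process on an instance with this profile gets ECR push/pull together with write and delete rights on the bucket, so a dedicated role for the FVP job would be the least-privilege choice.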