commit 2e0a7334e6537de0782e8a3f5528fee4a396def2
author Riku Voipio <riku.voipio@linaro.org> Tue Oct 12 15:00:03 2021 +0300
committer Riku Voipio <riku.voipio@linaro.org> Tue Oct 12 15:00:03 2021 +0300
tree 4e32fe94e69ba1ac3802913abf5b718e1cd00ca8
parent d02b92b78ded18e7f3e8abeba64be38026cb9e88

iam profiles: add packer role

This allows us create EC2 AMIs on the -private instance.

- STG-2571

Change-Id: I350e11f73d2df32ac29860586f004f6cb9835cbb

ecr.tf

diff --git a/ecr.tf b/ecr.tf
index 0c15ffb..103f9aa 100644
--- a/ecr.tf
+++ b/ecr.tf
@@ -80,6 +80,49 @@
   ]
 }
 
+module "packer_policy" {
+  source      = "./modules/resources/role_policy"
+  role_id     = aws_iam_role.ecr_pushpull_role.id
+  policy_file = "templates/role_policy.tmpl"
+  actions = [
+    "ec2:AttachVolume",
+        "ec2:AuthorizeSecurityGroupIngress",
+        "ec2:CopyImage",
+        "ec2:CreateImage",
+        "ec2:CreateKeypair",
+        "ec2:CreateSecurityGroup",
+        "ec2:CreateSnapshot",
+        "ec2:CreateTags",
+        "ec2:CreateVolume",
+        "ec2:DeleteKeyPair",
+        "ec2:DeleteSecurityGroup",
+        "ec2:DeleteSnapshot",
+        "ec2:DeleteVolume",
+        "ec2:DeregisterImage",
+        "ec2:DescribeImageAttribute",
+        "ec2:DescribeImages",
+        "ec2:DescribeInstances",
+        "ec2:DescribeInstanceStatus",
+        "ec2:DescribeRegions",
+        "ec2:DescribeSecurityGroups",
+        "ec2:DescribeSnapshots",
+        "ec2:DescribeSubnets",
+        "ec2:DescribeTags",
+        "ec2:DescribeVolumes",
+        "ec2:DetachVolume",
+        "ec2:GetPasswordData",
+        "ec2:ModifyImageAttribute",
+        "ec2:ModifyInstanceAttribute",
+        "ec2:ModifySnapshotAttribute",
+        "ec2:RegisterImage",
+        "ec2:RunInstances",
+        "ec2:StopInstances",
+        "ec2:TerminateInstances"
+  ]
+  resources = [
+                "*"
+  ]
+}
 
 module "jenkins_instance_profile" {
   source    = "./modules/resources/instance_profile"