iam profiles: add packer role
This allows us to create EC2 AMIs on the -private instance.
- STG-2571
Change-Id: I350e11f73d2df32ac29860586f004f6cb9835cbb
diff --git a/ecr.tf b/ecr.tf
index 0c15ffb..103f9aa 100644
--- a/ecr.tf
+++ b/ecr.tf
@@ -80,6 +80,49 @@
]
}
+module "packer_policy" {
+ source = "./modules/resources/role_policy"
+ role_id = aws_iam_role.ecr_pushpull_role.id
+ policy_file = "templates/role_policy.tmpl"
+ actions = [
+ "ec2:AttachVolume",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:CopyImage",
+ "ec2:CreateImage",
+ "ec2:CreateKeypair",
+ "ec2:CreateSecurityGroup",
+ "ec2:CreateSnapshot",
+ "ec2:CreateTags",
+ "ec2:CreateVolume",
+ "ec2:DeleteKeyPair",
+ "ec2:DeleteSecurityGroup",
+ "ec2:DeleteSnapshot",
+ "ec2:DeleteVolume",
+ "ec2:DeregisterImage",
+ "ec2:DescribeImageAttribute",
+ "ec2:DescribeImages",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceStatus",
+ "ec2:DescribeRegions",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSnapshots",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeTags",
+ "ec2:DescribeVolumes",
+ "ec2:DetachVolume",
+ "ec2:GetPasswordData",
+ "ec2:ModifyImageAttribute",
+ "ec2:ModifyInstanceAttribute",
+ "ec2:ModifySnapshotAttribute",
+ "ec2:RegisterImage",
+ "ec2:RunInstances",
+ "ec2:StopInstances",
+ "ec2:TerminateInstances"
+ ]
+ resources = [
+ "*"
+ ]
+}
module "jenkins_instance_profile" {
source = "./modules/resources/instance_profile"
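Review bot: `module "packer_policy"` attaches the Packer permissions to the existing `aws_iam_role.ecr_pushpull_role` (the `role_id` line) with `resources = ["*"]`, so anything that can use the ECR push/pull role also gains account-wide `ec2:RunInstances`, `ec2:TerminateInstances`, `ec2:ModifyInstanceAttribute`, `ec2:AuthorizeSecurityGroupIngress` and the delete/deregister actions. The commit title says "add packer role", so a dedicated role for the image builder would match the stated intent and leave the reach of the ECR credentials unchanged, e.g. `role_id = aws_iam_role.packer_role.id` (placeholder name; no such role is visible in this hunk). If the `role_policy` module and `templates/role_policy.tmpl` can express conditions, which is not visible here, the mutating actions could be limited to resources carrying a Packer build tag rather than `"*"`. At minimum, a comment above the module such as `# Packer AMI builds; wildcard resource because build instances, volumes and snapshots are created dynamically` would record why the wildcard is there. The hunk ends inside `module "jenkins_instance_profile"`, whose body continues outside the visible lines.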