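# ECR repository that holds the "fvp" container image pushed by the
# ecr_pushpull_role below.
resource "aws_ecr_repository" "trustedfirmware_fvp" {
  name = "fvp"

  # MUTABLE lets an existing tag be re-pointed at a different image, so a tag
  # is not a stable reference for whoever pulls it. IMMUTABLE is the safer
  # setting for supply-chain integrity; it is left MUTABLE here because
  # switching breaks any pipeline that re-pushes the same tag —
  # TODO(review): confirm with the push side before changing it.
  image_tag_mutability = "MUTABLE"

  # Scan every pushed image for known CVEs. Findings are surfaced through the
  # ECR console/API; the scan does not block or alter the push itself.
  image_scanning_configuration {
    scan_on_push = true
  }
}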
| |
| |
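# IAM role assumed for ECR push/pull. It is also the role behind the Jenkins
# instance profile and carries the S3 and Packer policies declared further
# down, so every principal trusted here gets all of those permissions.
#
# Trust: a bare account ID in "AWS" ("987685672616") trusts every IAM
# principal in that account that its own policies allow to call
# sts:AssumeRole — not just the account root; the "vault" user in
# 487149096843; and the EC2 service, so the role can back an instance profile.
resource "aws_iam_role" "ecr_pushpull_role" {
  name        = "ecr_pushpull_role"
  description = "Read/Write access to ECR"

  # jsonencode() rather than a heredoc: Terraform validates the structure and
  # no hand-written JSON escaping is needed.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          # NOTE(review): the account-wide entry would be tighter as the
          # specific role/user ARN(s) that actually assume this role, and
          # neither entry carries a Condition (e.g. sts:ExternalId) for the
          # case where it is assumed from another account — confirm with the
          # callers which principals and conditions are expected.
          AWS = [
            "987685672616",
            "arn:aws:iam::487149096843:user/vault",
          ]
          Service = "ec2.amazonaws.com"
        }
        Action = "sts:AssumeRole"
      },
    ]
  })
}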
| |
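# Inline policy granting ecr_pushpull_role push and pull on the repository
# declared in this file.
#
# Two changes from the previous version of this block:
#  - policy language Version 2008-10-17 -> 2012-10-17: the 2008 version is the
#    deprecated original and lacks features such as policy variables; the 2012
#    version is a superset, so the existing statements keep their meaning.
#  - Resource narrowed from "*" to the repository ARN for the layer/image
#    actions, matching how the S3 policy below scopes its bucket. Only
#    ecr:GetAuthorizationToken is account-level and still needs "*".
resource "aws_iam_role_policy" "ecr_pushpull_policy" {
  name = "ecr_pushpull_policy"
  role = aws_iam_role.ecr_pushpull_role.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # GetAuthorizationToken is not resource-scoped; "*" is required.
        Sid      = "AllowGetAuthorizationToken"
        Effect   = "Allow"
        Resource = "*"
        Action   = "ecr:GetAuthorizationToken"
      },
      {
        # Push/pull limited to the "fvp" repository. Add further repository
        # ARNs to this list if the role must push elsewhere.
        Sid      = "AllowPushPull"
        Effect   = "Allow"
        Resource = aws_ecr_repository.trustedfirmware_fvp.arn
        Action = [
          "ecr:BatchGetImage",
          "ecr:BatchCheckLayerAvailability",
          "ecr:CompleteLayerUpload",
          "ecr:GetDownloadUrlForLayer",
          "ecr:InitiateLayerUpload",
          "ecr:ListImages",
          "ecr:PutImage",
          "ecr:UploadLayerPart",
        ]
      },
    ]
  })
}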
| |
# Private S3 bucket for FVP artifacts, created through the local s3 module.
# The bucket name is repeated as literal ARNs in module "s3_fvp_policy" below;
# the two must be kept in sync by hand (the module's outputs are not visible
# from this file, so the ARNs cannot be derived from it here).
module "trustedfirmware_fvp_storage" {
  source = "./modules/resources/s3"
  bucket = "trustedfirmware-fvp"
  acl    = "private"
}
| |
# Attaches, via the shared role_policy template, read/write/delete on the FVP
# bucket to ecr_pushpull_role. Resources are scoped to the bucket and its
# objects; the ARNs are literals that duplicate the bucket name above.
module "s3_fvp_policy" {
  source      = "./modules/resources/role_policy"
  role_id     = aws_iam_role.ecr_pushpull_role.id
  policy_file = "templates/role_policy.tmpl"
  actions = [
    "s3:AbortMultipartUpload",
    # ListBucket is a bucket-level action; it is why the bare bucket ARN
    # (without "/*") is listed in resources.
    "s3:ListBucket",
    "s3:PutObject",
    "s3:GetObject",
    "s3:DeleteObject",
    # NOTE(review): PutObjectAcl lets the caller change an object's ACL after
    # upload, including to a public-read grant. Drop it if uploads never set
    # ACLs; otherwise confirm the bucket's public-access-block settings (not
    # visible here) prevent public grants from taking effect.
    "s3:PutObjectAcl"
  ]
  resources = [
    "arn:aws:s3:::trustedfirmware-fvp/*",
    "arn:aws:s3:::trustedfirmware-fvp"
  ]
}
| |
# EC2 permissions for Packer AMI builds, attached to the same ecr_pushpull_role
# as the ECR and S3 policies — so anyone who can assume that role (including
# processes on the Jenkins instance) holds all three sets.
#
# resources is "*": the Describe* actions do not accept resource ARNs, but
# several of the others (RunInstances, the Create*/Delete* calls, the
# Modify*Attribute calls) could be narrowed with resource ARNs or tag-based
# conditions — TODO(review): confirm whether the build flow tolerates that.
module "packer_policy" {
  source      = "./modules/resources/role_policy"
  role_id     = aws_iam_role.ecr_pushpull_role.id
  policy_file = "templates/role_policy.tmpl"
  actions = [
    "ec2:AttachVolume",
    # Opens inbound rules on security groups; with "*" this is any group in
    # the account, not only the temporary one Packer creates.
    "ec2:AuthorizeSecurityGroupIngress",
    "ec2:CopyImage",
    "ec2:CreateImage",
    "ec2:CreateKeypair",
    "ec2:CreateSecurityGroup",
    "ec2:CreateSnapshot",
    "ec2:CreateTags",
    "ec2:CreateVolume",
    "ec2:DeleteKeyPair",
    "ec2:DeleteSecurityGroup",
    "ec2:DeleteSnapshot",
    "ec2:DeleteVolume",
    "ec2:DeregisterImage",
    "ec2:DescribeImageAttribute",
    "ec2:DescribeImages",
    "ec2:DescribeInstances",
    "ec2:DescribeInstanceStatus",
    "ec2:DescribeRegions",
    "ec2:DescribeSecurityGroups",
    "ec2:DescribeSnapshots",
    "ec2:DescribeSubnets",
    "ec2:DescribeTags",
    "ec2:DescribeVolumes",
    "ec2:DetachVolume",
    # Reads the initial Windows administrator password of instances.
    "ec2:GetPasswordData",
    # NOTE(review): with Resource "*", ModifyImageAttribute and
    # ModifySnapshotAttribute can change launch/sharing permissions of any AMI
    # or snapshot in the account (including making them public), not only the
    # ones produced by a build. Confirm these are needed for the builds this
    # role serves.
    "ec2:ModifyImageAttribute",
    "ec2:ModifyInstanceAttribute",
    "ec2:ModifySnapshotAttribute",
    "ec2:RegisterImage",
    "ec2:RunInstances",
    "ec2:StopInstances",
    "ec2:TerminateInstances"
  ]
  resources = [
    "*"
  ]
}
| |
# Instance profile so an EC2 (Jenkins) instance can take on ecr_pushpull_role
# through the ec2.amazonaws.com trust in that role's assume-role policy.
# Any process on the instance that can reach the instance metadata service
# obtains the role's credentials, i.e. ECR push/pull, read/write/delete on the
# FVP bucket and the Packer EC2 permissions. Whether the instance enforces
# IMDSv2 is decided where the instance itself is declared, not here —
# TODO(review): confirm it does.
module "jenkins_instance_profile" {
  source    = "./modules/resources/instance_profile"
  name      = "jenkins_instance_profile"
  role_name = aws_iam_role.ecr_pushpull_role.name
}
| |
| |