Skip to content

Commit

Permalink
Adding assume role permissions to Control Panel Role
Browse files Browse the repository at this point in the history
  • Loading branch information
@julialawrence
julialawrence committed Oct 16, 2024
1 parent 7a9bd3c commit eb4e257
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 0 deletions.
12 changes: 12 additions & 0 deletions terraform/aws/analytical-platform-development/cluster/iam-policies.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -515,6 +515,18 @@ data "aws_iam_policy_document" "control_panel_api" {
]
resources = ["arn:aws:lakeformation:*:${var.account_ids["analytical-platform-development"]}:*"]
}
statement {
sid = "AssumeRoleComputeAccounnt"
effect = "Allow"
actions = [
"sts:AssumeRole",
"sts:TagSession"
]
resources = [
"arn:aws:iam::${var.account_ids["analytical-platform-compute-development"]}:role/analytical-platform-control-panel",
"arn:aws:iam::${var.account_ids["analytical-platform-compute-test"]}:role/analytical-platform-control-panel"
]
}
}

resource "aws_iam_policy" "control_panel_api" {
Expand Down
2 changes: 2 additions & 0 deletions terraform/aws/analytical-platform-development/cluster/terraform.tfvars
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ account_ids = {
analytical-platform-development = "525294151996"
analytical-platform-management-production = "042130406152"
analytical-platform-production = "312423030077"
analytical-platform-compute-development = "381491960855"
analytical-platform-compute-test = "767397661611"
}

environment = "development"
Expand Down

0 comments on commit eb4e257

Please sign in to comment.