From eb4e257ea3673024fffa857feb4c7392323ea667 Mon Sep 17 00:00:00 2001
From: julialawrence
Date: Wed, 16 Oct 2024 12:05:28 +0100
Subject: [PATCH] Adding assume role permissions to Control Panel Role

---
 .../cluster/iam-policies.tf | 12 ++++++++++++
 .../cluster/terraform.tfvars | 2 ++
 2 files changed, 14 insertions(+)

diff --git a/terraform/aws/analytical-platform-development/cluster/iam-policies.tf b/terraform/aws/analytical-platform-development/cluster/iam-policies.tf
index 0031fcca0c..79c57dacb6 100644
--- a/terraform/aws/analytical-platform-development/cluster/iam-policies.tf
+++ b/terraform/aws/analytical-platform-development/cluster/iam-policies.tf
@@ -515,6 +515,18 @@ data "aws_iam_policy_document" "control_panel_api" {
 ]
 resources = ["arn:aws:lakeformation:*:${var.account_ids["analytical-platform-development"]}:*"]
 }
+ statement {
+ sid = "AssumeRoleComputeAccounnt"
+ effect = "Allow"
+ actions = [
+ "sts:AssumeRole",
+ "sts:TagSession"
+ ]
+ resources = [
+ "arn:aws:iam::${var.account_ids["analytical-platform-compute-development"]}:role/analytical-platform-control-panel",
+ "arn:aws:iam::${var.account_ids["analytical-platform-compute-test"]}:role/analytical-platform-control-panel"
+ ]
+ }
 }
 
 resource "aws_iam_policy" "control_panel_api" {
diff --git a/terraform/aws/analytical-platform-development/cluster/terraform.tfvars b/terraform/aws/analytical-platform-development/cluster/terraform.tfvars
index ed5bedc4a6..65fc0dcb9b 100644
--- a/terraform/aws/analytical-platform-development/cluster/terraform.tfvars
+++ b/terraform/aws/analytical-platform-development/cluster/terraform.tfvars
@@ -6,6 +6,8 @@ account_ids = {
 analytical-platform-development = "525294151996"
 analytical-platform-management-production = "042130406152"
 analytical-platform-production = "312423030077"
+ analytical-platform-compute-development = "381491960855"
+ analytical-platform-compute-test = "767397661611"
 }
 
 environment = "development"
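Review bot: `sts:TagSession` in the new `AssumeRoleComputeAccounnt` statement of iam-policies.tf is granted with no condition on which session tag keys may be passed, so the Control Panel role can attach any tag when assuming the two compute-account roles. Whether that matters depends on the trust and permission policies in the compute accounts, which this patch does not show; if anything there keys off principal tags, I would add a `condition` block restricting `aws:TagKeys` to the keys Control Panel actually sets (placeholder value below). The sid is also misspelled and should read `sid = "AssumeRoleComputeAccount"`. The enclosing `data "aws_iam_policy_document" "control_panel_api"` block starts outside the hunk.

```hcl
  statement {
    sid = "AssumeRoleComputeAccount"
    # … unchanged: effect, actions, resources …
    condition {
      test     = "ForAllValues:StringEquals"
      variable = "aws:TagKeys"
      values   = ["<ALLOWED_SESSION_TAG_KEY>"] # placeholder: replace with the tag keys Control Panel sets
    }
  }
```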