KIL-2960 Add sts:AssumeRole policy to Agent execution Role
delkopiso committed Jan 5, 2024
1 parent 70c571c commit 1a0873c
Showing 1 changed file with 25 additions and 1 deletion.
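--- a/main.tf
+++ b/main.tf
@@ -346,6 +346,30 @@ resource "aws_iam_role_policy" "mcd_agent_service_lambda_info_policy" {
 role = aws_iam_role.mcd_agent_service_execution_role.id
 }
 
+resource "aws_iam_role_policy" "mcd_agent_service_assume_role_policy" {
+name = "assume_role_policy"
+policy = jsonencode({
+"Version" : "2012-10-17",
+"Statement" : [
+{
+"Action" : [
+"sts:AssumeRole"
+],
+"Condition" : {
+"StringEquals" : {
+"iam:ResourceTag/MonteCarloData" : ""
+}
+},
+"Resource" : [
+"*"
+],
+"Effect" : "Allow"
+}
+]
+})
+role = aws_iam_role.mcd_agent_service_execution_role.id
+}
+
 resource "aws_iam_role_policy" "mcd_agent_service_repo_policy" {
 count = var.remote_upgradable ? 1 : 0
 name = "repo_access_policy"
@@ -430,4 +454,4 @@ resource "aws_iam_role" "mcd_agent_service_invocation_role" {
 tags = {
 MonteCarloData = ""
 }
-}
+}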
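Review bot: In `mcd_agent_service_assume_role_policy` the only restriction on `sts:AssumeRole` is the tag condition `"iam:ResourceTag/MonteCarloData" : ""` combined with `"Resource" : ["*"]`, so every role carrying that empty-valued tag, in any account, is in scope wherever its trust policy admits this execution role. Whoever can tag roles (`iam:TagRole`) can therefore opt a role into the agent's reach, which deserves a comment above the resource, e.g. `# Agent may assume any role tagged MonteCarloData=""; the target role's trust policy is the second gate.` If cross-account assumption is not required, consider narrowing `Resource` to role ARNs in the deployment account instead of `*`. The second hunk shows `mcd_agent_service_invocation_role` carrying the same `MonteCarloData = ""` tag, so it appears to match this grant as well; confirm that is intended.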
