X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=fdio.infra.terraform%2F1n_nmd%2Faws%2Fmain.tf;fp=fdio.infra.terraform%2F1n_nmd%2Faws%2Fmain.tf;h=6768203441fec5436b625e6b8939b7441dc16d70;hb=73440ab332c51eb11405767d320bc496d9ebdbe7;hp=0000000000000000000000000000000000000000;hpb=bbfe9b5ba82a3998687909a833c2646bccbb6aa6;p=csit.git

diff --git a/fdio.infra.terraform/1n_nmd/aws/main.tf b/fdio.infra.terraform/1n_nmd/aws/main.tf
new file mode 100644
index 0000000000..6768203441
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/aws/main.tf
@@ -0,0 +1,37 @@
+resource "vault_aws_secret_backend" "aws" {
+  access_key                = var.aws_access_key
+  secret_key                = var.aws_secret_key
+  path                      = "${var.name}-path"
+
+  default_lease_ttl_seconds = "120"
+  max_lease_ttl_seconds     = "240"
+}
+
+resource "vault_aws_secret_backend_role" "admin" {
+  backend                   = vault_aws_secret_backend.aws.path
+  name                      = "${var.name}-role"
+  credential_type           = "iam_user"
+
+  policy_document           = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iam:*", "ec2:*"
+      ],
+      "Resource": "*"
+    }
+  ]
+}
+EOF
+}
+
+output "backend" {
+  value                     = vault_aws_secret_backend.aws.path
+}
+
+output "role" {
+  value                     = vault_aws_secret_backend_role.admin.name
+}
\ No newline at end of file