be7eb7c577ba5802e9e7fc4591dc97efb6b320a8
[csit.git] / fdio.infra.terraform / 1n_nmd / aws / main.tf
# Mounts Vault's AWS secrets engine at "<var.name>-path" so that Vault can
# issue AWS credentials on request.
#
# NOTE(review): access_key / secret_key are the long-lived credentials Vault
# itself uses to manage IAM. Terraform records resource arguments in its
# state, so both values end up there; the state backend needs encryption at
# rest and tight read access. The variable declarations are not visible here:
# confirm both are marked `sensitive = true` and carry no default value.
resource "vault_aws_secret_backend" "aws" {
  path = "${var.name}-path"

  # Credentials Vault uses to call AWS on behalf of this mount.
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key

  # Default and maximum lease are both 43200 seconds (12 hours).
  default_lease_ttl_seconds = "43200"
  max_lease_ttl_seconds     = "43200"
}
# Role "<var.name>-role" on the AWS secrets engine mount. With credential_type
# "iam_user", Vault creates an IAM user for each credential request and
# attaches the policy document below to it.
#
# NOTE(review): the policy allows every IAM and every EC2 action on every
# resource. `iam:*` on "*" lets the holder create or modify identities and
# attach any policy, so credentials leased from this role are effectively
# account-administrator for as long as the lease lasts. If consumers need
# less than that, list only the required actions, scope "Resource" to the
# relevant ARNs, and consider a permissions boundary so a leased user cannot
# grant itself more than this role was meant to carry. IAM write calls made
# by Vault-issued users are worth alerting on in the account's audit trail.
resource "vault_aws_secret_backend_role" "admin" {
  name            = "${var.name}-role"
  backend         = vault_aws_secret_backend.aws.path
  credential_type = "iam_user"

  policy_document = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:*", "ec2:*"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}
# Exposes the mount path of the AWS secrets engine ("<var.name>-path").
# The path is an identifier, not a secret.
output "backend" {
  value = vault_aws_secret_backend.aws.path
}
# Exposes the name of the Vault role ("<var.name>-role") from which AWS
# credentials are leased. Anyone allowed to read credentials for this role in
# Vault receives the role's full IAM/EC2 policy, so the Vault ACL policy
# guarding it should be reviewed together with this output's consumers.
output "role" {
  value = vault_aws_secret_backend_role.admin.name
}