Terraform module which creates am EC2 instance profile with its IAM role and policies on AWS.
Terraform 0.12 and newer.
locals {
instance_profile_custom_policy_1 = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:GetChange",
"route53:ListHostedZones",
"route53:ChangeResourceRecordSets"
],
"Resource": "*"
}
]
}
EOF
}
module "ec2_instance_profile" {
source = "/path/to/terraform-aws-ec2-instance-profile"
name = var.name
custom_policy_jsons = [local.instance_profile_custom_policy_1]
enable_cloudwatch_agent_policy = true
enable_ssm_policy = true
}| Name | Version |
|---|---|
| terraform | >= 0.12.6 |
| aws | >= 2.65 |
| Name | Version |
|---|---|
| aws | >= 2.65 |
No modules.
| Name | Type |
|---|---|
| aws_iam_instance_profile.ec2 | resource |
| aws_iam_policy.cloudwatch_agent | resource |
| aws_iam_policy.custom | resource |
| aws_iam_policy.ssm | resource |
| aws_iam_role.ec2 | resource |
| aws_iam_role_policy_attachment.cloudwatch_agent | resource |
| aws_iam_role_policy_attachment.custom | resource |
| aws_iam_role_policy_attachment.ssm | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| custom_policy_jsons | List of JSON strings of custom policies to be attached to the Instance Profile | list(string) |
[] |
no |
| enable_cloudwatch_agent_policy | Enable cloudwatch agent policy permissions to the IAM Role for the Instance Profile | bool |
true |
no |
| enable_ssm_policy | Enable ssm policy permissions to the IAM Role for the Instance Profile | bool |
true |
no |
| name | Name to be used on all the resources as identifier | string |
n/a | yes |
| Name | Description |
|---|---|
| instance_profile_id | ID of Instance Profile used to reference the created objects in aws_instance resources |
Module managed by Marcel Emmert.
Apache 2 Licensed. See LICENSE for full details.