Hi,
I have a few S3 buckets being used in the dev, test and prod environments, and I am planning to create a role (which will allow me to access those S3 buckets) and attach a policy (i.e. to list and perform some other permissions on the buckets present in the different envs, say dev, test, prod).
I have written this for that:
####################################
## Role Per Service - GO-Service ##
####################################
# Permissions policy: what the role may do once it has been assumed.
resource "aws_iam_policy" "go-service" {
  name   = "go-service-policy"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::orbital-go-download-*"
    }
  ]
}
EOF
}

# Trust policy: who may assume the role. A trust policy takes no "Resource"
# element (IAM rejects the document as malformed); the role itself is the
# implicit resource, so that element has been dropped. The Principal should be
# the identity that will actually assume the role (for example the cluster's
# workload identity), not the S3 service.
resource "aws_iam_role" "go-service" {
  name               = "go-service-role"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": {
        "Service": "s3.amazonaws.com"
      }
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "go-services-attach" {
  role       = aws_iam_role.go-service.name
  policy_arn = aws_iam_policy.go-service.arn
}
But with this the problem is that I might get 3 roles created (since we are creating it for 3 k8s clusters, say dev, test and prod), and I need to have one common role which can access all the S3 buckets needed to access the biz service, i.e. the biz-go-download-{dev,test,prod} buckets.
Any help on how I would achieve this requirement? I am new to Terraform. Any suggestion or help would be highly appreciated.
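One way to get a single role covering all three buckets, as an added example that is not part of the original post: define the role and its policy once (in a shared, account-level Terraform root rather than inside each cluster's module), build the bucket ARNs from an environment list, and name each bucket explicitly instead of using a wildcard. The bucket name pattern follows the question; the role name, the `s3:GetObject` permission and the trust principal are assumptions, and the principal ARN is a placeholder that must be replaced with whatever identity really assumes the role.

```hcl
# Added example (not the poster's code): one IAM role shared by dev, test and
# prod, with a single permissions policy that lists every bucket explicitly.
# Bucket names, role name and trust principal are assumptions.

variable "environments" {
  type    = list(string)
  default = ["dev", "test", "prod"]
}

locals {
  # Bucket names follow the pattern from the question: biz-go-download-{env}
  bucket_names = [for env in var.environments : "biz-go-download-${env}"]
  bucket_arns  = [for b in local.bucket_names : "arn:aws:s3:::${b}"]
  object_arns  = [for b in local.bucket_names : "arn:aws:s3:::${b}/*"]
}

# Permissions policy: list each bucket, read objects in each bucket.
# ListBucket applies to the bucket ARN; object actions apply to bucket/*.
data "aws_iam_policy_document" "go_service" {
  statement {
    sid       = "ListBuckets"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = local.bucket_arns
  }

  statement {
    sid       = "ReadObjects"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = local.object_arns
  }
}

resource "aws_iam_policy" "go_service" {
  name   = "go-service-policy"
  policy = data.aws_iam_policy_document.go_service.json
}

# Trust policy: who may assume the role. No "Resource" element here; the role
# itself is the implicit resource.
data "aws_iam_policy_document" "go_service_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type = "AWS"
      # PLACEHOLDER (assumption): the identity that will assume this role,
      # e.g. the cluster's workload identity. Replace before applying.
      identifiers = ["arn:aws:iam::111111111111:role/PLACEHOLDER-assuming-role"]
    }
  }
}

resource "aws_iam_role" "go_service" {
  name               = "go-service-role"
  assume_role_policy = data.aws_iam_policy_document.go_service_trust.json
}

resource "aws_iam_role_policy_attachment" "go_service" {
  role       = aws_iam_role.go_service.name
  policy_arn = aws_iam_policy.go_service.arn
}

# Exported so each cluster can reference the one shared role.
output "go_service_role_arn" {
  value = aws_iam_role.go_service.arn
}
```

Because the role is declared in one root module, `terraform apply` creates exactly one role; each cluster's configuration consumes the `go_service_role_arn` output instead of declaring its own. Note the trade-off: a single role across dev, test and prod means a workload in dev holds the same read access to the prod bucket, so the environment boundary no longer exists at the IAM layer. If that matters, keep this layout but drive `var.environments` per cluster so each role only names its own bucket.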