Commit e4a4948e authored by Craig Barrett's avatar Craig Barrett

Use IAM user resource instead of hard-coding principals

parent 3f173de5
...@@ -6,11 +6,6 @@ data "aws_iam_policy_document" "datateam-greenhouse-extract" { ...@@ -6,11 +6,6 @@ data "aws_iam_policy_document" "datateam-greenhouse-extract" {
"s3:ListBucket", "s3:ListBucket",
] ]
principals = {
type = "AWS"
identifiers = ["arn:aws:iam::855262394183:user/datateam-greenhouse-extract"]
}
resources = [ resources = [
"${aws_s3_bucket.datateam-greenhouse-extract.arn}", "${aws_s3_bucket.datateam-greenhouse-extract.arn}",
] ]
...@@ -24,11 +19,6 @@ data "aws_iam_policy_document" "datateam-greenhouse-extract" { ...@@ -24,11 +19,6 @@ data "aws_iam_policy_document" "datateam-greenhouse-extract" {
"s3:PutObject", "s3:PutObject",
] ]
principals = {
type = "AWS"
identifiers = ["arn:aws:iam::855262394183:user/datateam-greenhouse-extract"]
}
resources = [ resources = [
"${aws_s3_bucket.datateam-greenhouse-extract.arn}", "${aws_s3_bucket.datateam-greenhouse-extract.arn}",
"${aws_s3_bucket.datateam-greenhouse-extract.arn}/*", "${aws_s3_bucket.datateam-greenhouse-extract.arn}/*",
...@@ -36,12 +26,21 @@ data "aws_iam_policy_document" "datateam-greenhouse-extract" { ...@@ -36,12 +26,21 @@ data "aws_iam_policy_document" "datateam-greenhouse-extract" {
} }
} }
resource "aws_iam_user" "datateam-greenhouse-extract" {
name = "datateam-greenhouse-extract"
}
resource "aws_iam_policy" "datateam-greenhouse-extract" { resource "aws_iam_policy" "datateam-greenhouse-extract" {
name = "datateam-greenhouse-extract" name = "datateam-greenhouse-extract"
path = "/" path = "/"
policy = "${data.aws_iam_policy_document.datateam-greenhouse-extract.json}" policy = "${data.aws_iam_policy_document.datateam-greenhouse-extract.json}"
} }
resource "aws_iam_user_policy_attachment" "datateam-greenhouse-extract" {
user = "${aws_iam_user.datateam-greenhouse-extract.name}"
policy_arn = "${aws_iam_policy.datateam-greenhouse-extract.arn}"
}
resource "aws_s3_bucket" "datateam-greenhouse-extract" { resource "aws_s3_bucket" "datateam-greenhouse-extract" {
bucket = "datateam-greenhouse-extract" bucket = "datateam-greenhouse-extract"
acl = "private" acl = "private"
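Review bot: The new `aws_iam_user` "datateam-greenhouse-extract" is a long-lived identity, and nothing in the visible hunks shows where its access keys are issued or rotated, so the credential lifecycle for the account that writes to this bucket is undocumented. I would add a comment above the resource, for example `# Access keys for this user are issued and rotated outside Terraform; see <RUNBOOK-LINK-PLACEHOLDER>`, or attach the policy to a role instead if the extract job runs on AWS compute. With the two `principals` blocks removed, the policy document is only usable as an identity policy, so confirm it is not also referenced as the bucket policy somewhere outside these hunks. The `aws_iam_policy_document` data block starts before the first hunk and the `aws_s3_bucket` block continues past the last visible line, so neither could be checked in full.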
......