author | 2025-01-22 11:51:02 +0100 | |
---|---|---|
committer | 2025-01-23 09:12:41 +0000 | |
commit | 6ffe4cc3cc31fdb6cbb46436a38ddc8409d040ef (patch) | |
tree | f0f318e2e028cd7ac449d71c0cafde7f6c7c54fd /fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf | |
parent | f1f090a9ddfe8ee8de209ff435d720d711c30ccd (diff) |
feat(terraform): Refactor roles
Signed-off-by: Peter Mikus <peter.mikus@icloud.com>
Change-Id: Ie5e5bb0d8d3c927c26286439fb128529b8b30a81
Diffstat (limited to 'fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf')
-rw-r--r-- | fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf | 28 |
1 files changed, 6 insertions, 22 deletions
diff --git a/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf b/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf
index 814121986f..6a2d42e681 100644
--- a/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf
+++ b/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf
@@ -1,4 +1,4 @@
-resource "vault_aws_secret_backend" "aws" {
+resource "vault_aws_secret_backend" "aws_secret_backend" {
 access_key = var.aws_access_key
 secret_key = var.aws_secret_key
 path = "${var.name}-path"
@@ -7,34 +7,18 @@ resource "vault_aws_secret_backend" "aws" {
 max_lease_ttl_seconds = "0"
 }
-resource "vault_aws_secret_backend_role" "admin" {
- backend = vault_aws_secret_backend.aws.path
+resource "vault_aws_secret_backend_role" "aws_secret_backend_role" {
+ backend = vault_aws_secret_backend.aws_secret_backend.path
 name = "${var.name}-role"
 credential_type = "iam_user"
- policy_document = <<EOF
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "iam:*",
- "ec2:*",
- "s3:*",
- "elasticbeanstalk:*"
- ],
- "Resource": "*"
- }
- ]
-}
-EOF
+ policy_document = var.policy_document
 }
 output "backend" {
- value = vault_aws_secret_backend.aws.path
+ value = vault_aws_secret_backend.aws_secret_backend.path
 }
 output "role" {
- value = vault_aws_secret_backend_role.admin.name
+ value = vault_aws_secret_backend_role.aws_secret_backend_role.name
 }
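Review bot: The new `policy_document = var.policy_document` line moves the blast-radius decision out of this module but nothing in the hunk constrains what the caller passes, so the removed `iam:*`/`ec2:*`/`s3:*` on `"Resource": "*"` policy can come straight back through the variable. The variable declaration lives outside this diff (presumably variables.tf); it should have no permissive default and a `validation` block such as `condition = can(jsondecode(var.policy_document))` with an error message, so a malformed or wildcard document is an explicit choice rather than a silent one. Because `credential_type = "iam_user"` makes Vault create real IAM users that carry this policy until the lease expires, and `max_lease_ttl_seconds = "0"` appears to defer to Vault's system maximum, the new line deserves a why-comment: `# IAM policy attached to every iam_user Vault mints for this role; keep it least-privilege (see variables.tf)`. As a point of style, the new resource labels `aws_secret_backend` and `aws_secret_backend_role` repeat their own type names (`vault_aws_secret_backend.aws_secret_backend`), where the usual Terraform convention is a short label like `this`.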