author | Peter Mikus <pmikus@cisco.com> | 2022-03-31 15:59:10 +0200 |
committer | Peter Mikus <pmikus@cisco.com> | 2022-04-01 10:54:23 +0000 |
commit | ca81b6ccfdcee62846217f824c1e4a1610b8a950 (patch) | |
tree | f0f836509b346cd59e9d10b5d67abe71cddb3264 /fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf | |
parent | e972e67afac3ab3eb785668d01d3bdf1833eade9 (diff) |
refactor(terraform): Directory structure
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I2f3cdf0241aaf7c4a8ba4e00b701df10c9165cf8
Diffstat (limited to 'fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf')
-rw-r--r-- | fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf b/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf
new file mode 100644
index 0000000000..a65c390792
--- /dev/null
+++ b/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf
@@ -0,0 +1,37 @@
+resource "vault_aws_secret_backend" "aws" {
+ access_key = var.aws_access_key
+ secret_key = var.aws_secret_key
+ path = "${var.name}-path"
+
+ default_lease_ttl_seconds = "0"
+ max_lease_ttl_seconds = "0"
+}
+
+resource "vault_aws_secret_backend_role" "admin" {
+ backend = vault_aws_secret_backend.aws.path
+ name = "${var.name}-role"
+ credential_type = "iam_user"
+
+ policy_document = <<EOF
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:*", "ec2:*"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
+EOF
+}
+
+output "backend" {
+ value = vault_aws_secret_backend.aws.path
+}
+
+output "role" {
+ value = vault_aws_secret_backend_role.admin.name
+}
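Review bot: The `policy_document` on `vault_aws_secret_backend_role.admin` allows `"iam:*", "ec2:*"` on `"Resource": "*"` with `credential_type = "iam_user"`, so every lease Vault issues from this role is a full IAM administrator that can mint further principals outside Vault's lifecycle, and nothing in the file records that this breadth is intended. Since the commit only relocates the file, at minimum add a comment above the heredoc such as `# Intentionally admin-scoped: holders can create IAM users/keys outside Vault; narrow Action/Resource once consumers are enumerated.` or scope the statement to the actions and ARNs the consumer actually needs. The `default_lease_ttl_seconds = "0"` and `max_lease_ttl_seconds = "0"` lines also deserve a why-comment (`# 0 = inherit the Vault system defaults`), since a reader may take "0" for "never expires". The `var.aws_access_key` / `var.aws_secret_key` inputs are declared outside this hunk; presumably they carry `sensitive = true` in the variables file, which is worth confirming so they do not land in plan output.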