blob: 6768203441fec5436b625e6b8939b7441dc16d70 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
resource "vault_aws_secret_backend" "aws" {
access_key = var.aws_access_key
secret_key = var.aws_secret_key
path = "${var.name}-path"
default_lease_ttl_seconds = "120"
max_lease_ttl_seconds = "240"
}
resource "vault_aws_secret_backend_role" "admin" {
backend = vault_aws_secret_backend.aws.path
name = "${var.name}-role"
credential_type = "iam_user"
policy_document = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:*", "ec2:*"
],
"Resource": "*"
}
]
}
EOF
}
output "backend" {
value = vault_aws_secret_backend.aws.path
}
output "role" {
value = vault_aws_secret_backend_role.admin.name
}
|