diff --git a/terraform/aws.tf b/terraform/aws.tf
index 3f11d9a..b108589 100644
--- a/terraform/aws.tf
+++ b/terraform/aws.tf
@@ -4,6 +4,9 @@ provider "aws" {
 region = "${var.aws_region}"
 version = "~> 1.57"
+ assume_role = {
+ role_arn = "arn:aws:iam::587267277416:role/terraform_sandbox_backend_admin"
+ }
 }
 data "aws_caller_identity" "current" {}
diff --git a/terraform/bootstrap/jenkins.tf b/terraform/bootstrap/jenkins.tf
index ca74dda..32ee958 100644
--- a/terraform/bootstrap/jenkins.tf
+++ b/terraform/bootstrap/jenkins.tf
@@ -28,15 +28,8 @@ data "aws_iam_policy_document" "terraform_backend_role_policy_document" {
 statement {
 effect = "Allow"
- actions = ["s3:*"]
- resources = ["arn:aws:s3:::${module.bootstrap.state_bucket}/*"]
- }
-
- statement {
- effect = "Allow"
-
- actions = ["dynamodb:*"]
- resources = ["arn:aws:dynamodb:${var.aws_region}:${data.aws_caller_identity.current.account_id}:table/${module.bootstrap.dynamodb_table}"]
+ actions = ["*"]
+ resources = ["*"]
 }
 }
diff --git a/terraform/bootstrap/terraform.tfstate b/terraform/bootstrap/terraform.tfstate
index ac7b90f..fd8724c 100644
--- a/terraform/bootstrap/terraform.tfstate
+++ b/terraform/bootstrap/terraform.tfstate
@@ -1,7 +1,7 @@
 {
 "version": 4,
 "terraform_version": "1.2.9",
- "serial": 215,
+ "serial": 217,
 "lineage": "3466ed5e-b3d1-107e-19aa-0306c957a966",
 "outputs": {
 "account_id": {
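Review bot: `assume_role = { ... }` is written in attribute form, but from Terraform 0.12 onward the AWS provider's `assume_role` is a nested block and the `=` form is rejected at parse time as an unexpected argument; the bootstrap state touched by this same commit records `terraform_version: 1.2.9`, so unless the root module is still run with a 0.11 binary (the `version = "~> 1.57"` pin hints it once was) this should read `assume_role {` / `role_arn = "arn:aws:iam::587267277416:role/terraform_sandbox_backend_admin"` / `}`. The account id in the ARN is also hard-coded here and again in the `terraform.tf` backend block; since `data.aws_caller_identity.current` cannot be used before the provider is configured, a `var.aws_account_id` used to build the ARN would keep the two copies from drifting. The `provider "aws"` block starts before the hunk.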
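Review bot: Replacing the two scoped statements with `actions = ["*"]` / `resources = ["*"]` turns `terraform_backend_role_policy_document`, attached to a role whose stated purpose is state-backend access, into a full-administrator policy, and this same commit points both the S3 backend (`terraform.tf`) and the provider's `assume_role` (`aws.tf`) at that role, so any principal trusted by it (presumably the Jenkins identity, the trust policy is outside this hunk) gets unrestricted access to the account, including `iam:*` on the role and its own policy. State read/write only needs the s3/dynamodb grants that were deleted; if the root module now provisions other services, keep those two statements as they were and add a separate statement, or better a separate provisioning role, that enumerates the actions actually required and scopes `resources` wherever the service supports ARNs. The enclosing `data "aws_iam_policy_document"` block starts before the hunk.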
@@ -104,8 +104,8 @@
 {
 "schema_version": 0,
 "attributes": {
- "id": "1540866772",
- "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:*\",\n \"Resource\": \"arn:aws:s3:::moduscreate-devops-demo-tf-state-us-east-1/*\"\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"dynamodb:*\",\n \"Resource\": \"arn:aws:dynamodb:us-east-1:587267277416:table/moduscreate-devops-demo-state-lock\"\n }\n ]\n}",
+ "id": "784443208",
+ "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"*\",\n \"Resource\": \"*\"\n }\n ]\n}",
 "override_json": null,
 "override_policy_documents": null,
 "policy_id": null,
@@ -114,22 +114,7 @@
 "statement": [
 {
 "actions": [
- "s3:*"
- ],
- "condition": [],
- "effect": "Allow",
- "not_actions": [],
- "not_principals": [],
- "not_resources": [],
- "principals": [],
- "resources": [
- "arn:aws:s3:::moduscreate-devops-demo-tf-state-us-east-1/*"
- ],
- "sid": ""
- },
- {
- "actions": [
- "dynamodb:*"
+ "*"
 ],
 "condition": [],
 "effect": "Allow",
@@ -138,7 +123,7 @@
 "not_resources": [],
 "principals": [],
 "resources": [
- "arn:aws:dynamodb:us-east-1:587267277416:table/moduscreate-devops-demo-state-lock"
+ "*"
 ],
 "sid": ""
 }
@@ -164,7 +149,7 @@
 "name": "terraform-backend-role-policy",
 "name_prefix": null,
 "path": "/",
- "policy": "{\"Statement\":[{\"Action\":\"s3:*\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::moduscreate-devops-demo-tf-state-us-east-1/*\",\"Sid\":\"\"},{\"Action\":\"dynamodb:*\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:dynamodb:us-east-1:587267277416:table/moduscreate-devops-demo-state-lock\",\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
+ "policy": "{\"Statement\":[{\"Action\":\"*\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
 "policy_id": "ANPAYRO63QJUEYGCFJVOK",
 "tags": {},
 "tags_all": {}
@@ -231,10 +216,8 @@
 "dependencies": [
 "aws_iam_policy.terraform_backend_role_policy",
 "aws_iam_role.terraform_backend_role",
- "data.aws_caller_identity.current",
 "data.aws_iam_policy_document.terraform_backend_account_policy",
- "data.aws_iam_policy_document.terraform_backend_role_policy_document",
- "module.bootstrap.aws_dynamodb_table.terraform_state_lock"
+ "data.aws_iam_policy_document.terraform_backend_role_policy_document"
 ]
 }
 ]
@@ -563,7 +546,7 @@
 ],
 "object_lock_configuration": [],
 "object_lock_enabled": false,
- "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"enforce-tls-requests-only\",\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Action\":\"s3:*\",\"Resource\":\"arn:aws:s3:::moduscreate-devops-demo-tf-state-us-east-1/*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}},{\"Sid\":\"inventory-and-analytics\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"s3.amazonaws.com\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::moduscreate-devops-demo-tf-state-us-east-1/*\",\"Condition\":{\"StringEquals\":{\"s3:x-amz-acl\":\"bucket-owner-full-control\",\"aws:SourceAccount\":\"587267277416\"},\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:s3:::moduscreate-devops-demo-tf-state-us-east-1\"}}}]}",
+ "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"enforce-tls-requests-only\",\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Action\":\"s3:*\",\"Resource\":\"arn:aws:s3:::moduscreate-devops-demo-tf-state-us-east-1/*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}},{\"Sid\":\"inventory-and-analytics\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"s3.amazonaws.com\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::moduscreate-devops-demo-tf-state-us-east-1/*\",\"Condition\":{\"StringEquals\":{\"aws:SourceAccount\":\"587267277416\",\"s3:x-amz-acl\":\"bucket-owner-full-control\"},\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:s3:::moduscreate-devops-demo-tf-state-us-east-1\"}}}]}",
 "region": "us-east-1",
 "replication_configuration": [],
 "request_payer": "BucketOwner",
diff --git a/terraform/terraform.tf b/terraform/terraform.tf
index 0cfa892..ee089fa 100644
--- a/terraform/terraform.tf
+++ b/terraform/terraform.tf
@@ -9,6 +9,7 @@ terraform {
 dynamodb_table = "moduscreate-devops-demo-state-lock"
 region = "us-east-1"
 encrypt = "true"
+ role_arn = "arn:aws:iam::587267277416:role/terraform_sandbox_backend_admin"
 }
 }
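Review bot: The new `role_arn` pins the state backend to the same `terraform_sandbox_backend_admin` role that `jenkins.tf` in this commit makes a wildcard administrator; reading and locking state needs only the s3 and dynamodb grants the previous policy carried, so the backend should assume a least-privilege state role separate from whatever role provisions resources. Backend blocks cannot interpolate variables, so the hard-coded account id is expected, but supplying it with `terraform init -backend-config="role_arn=..."` keeps the account-specific ARN out of the committed file. Note also that `terraform/bootstrap/terraform.tfstate` is tracked in this repository (this commit bumps its serial from 215 to 217); state files record resource attributes verbatim, so the bootstrap state belongs in a remote backend with the local copy gitignored. The enclosing `backend` and `terraform` blocks start before the hunk.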