NEW: adding aws org and iam

2020-08-25 16:30:23 +08:00
parent f0a68fb300
commit 48c5e88611
2 changed files with 53 additions and 0 deletions
@@ -0,0 +1,26 @@
+resource "aws_organizations_organization" "org" {
+  aws_service_access_principals = [
+    "cloudtrail.amazonaws.com",
+    "config.amazonaws.com",
+  ]
+
+  feature_set = "ALL"
+  enabled_policy_types = [
+    "TAG_POLICY",
+    "SERVICE_CONTROL_POLICY"
+  ]
+}
+
+resource "aws_organizations_policy" "taggig-policy" {
+  name = "tagging-policy"
+  type = "TAG_POLICY"
+
+  content = <<EOF
+{
+    "tags": {
+        "owner": {}
+    }
+}
+EOF
+}
+
@@ -0,0 +1,27 @@
+resource "aws_iam_role" "admin-role" {
+  name = "xpk-admin-role"
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+
+  max_session_duration = 7200
+  tags = local.default-tags
+}
+
+resource "aws_iam_role_policy_attachment" "roaccess-attach" {
+  role       = aws_iam_role.admin-role.name
+  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
+}
+