# ------------------------------------------------------------------------------
# Create the IAM policy that allows read-only access to the Nessus-related
# SSM Parameter Store parameters in the Images account.
# ------------------------------------------------------------------------------
# Policy document for the read-only Nessus Parameter Store access.
#
# Grants exactly two actions (ssm:GetParameter / ssm:GetParameters) on exactly
# two parameters in the Images account: the Nessus admin username and the
# Nessus admin password.  No Put/Delete/Describe/GetParametersByPath is
# granted, so the principal can only read these two named values.
#
# Notes for reviewers:
#   - The ARN is built as "...:parameter" + var value, so each variable is
#     expected to carry its leading "/" (e.g. "/nessus/admin_username");
#     without it the ARN would be malformed.  Confirm against the variable
#     definitions.
#   - The region field is a wildcard ("*").  If these parameters only exist in
#     one region, pinning that region here would tighten the grant further.
#   - NOTE(review): reading a SecureString with WithDecryption=true also
#     requires kms:Decrypt on the key that encrypts the parameter; this
#     document does not grant that, so it presumably comes from elsewhere (or
#     the parameters are not SecureString) — verify.
data "aws_iam_policy_document" "nessus_parameterstorereadonly_doc" {
  statement {
    # "Allow" is the default effect; stated explicitly for readability.
    effect = "Allow"

    actions = [
      "ssm:GetParameter",
      "ssm:GetParameters",
    ]

    # Expand the two parameter keys into full SSM parameter ARNs scoped to the
    # Images account.  The account id is a scalar, so formatlist repeats it
    # for every element of the key list.
    resources = formatlist(
      "arn:aws:ssm:*:%s:parameter%s",
      local.images_account_id,
      [
        var.ssm_key_nessus_admin_username,
        var.ssm_key_nessus_admin_password,
      ],
    )
  }
}
# Customer-managed IAM policy carrying the read-only document above.
#
# It is created through the "provisionparameterstorereadrole" provider alias,
# i.e. in whatever account/role that alias is configured to assume — which
# should be the Images account, since the document's resource ARNs point
# there.  The name and description are taken from the *_role_* locals, so the
# policy presumably shares them with the role it will be attached to
# (verify where those locals are defined).
resource "aws_iam_policy" "nessus_parameterstorereadonly_policy" {
  # Provider meta-argument: selects the aliased (cross-account) provider.
  provider = aws.provisionparameterstorereadrole

  name        = local.nessus_parameterstorereadonly_role_name
  description = local.nessus_parameterstorereadonly_role_description

  # Rendered JSON of the policy document defined in this file.
  policy = data.aws_iam_policy_document.nessus_parameterstorereadonly_doc.json
}