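---
# stack-managed-policy.template
#
# CloudFormation template that creates one customer-managed IAM policy granting
# access to a Terraform remote-state S3 bucket and a DynamoDB table.
#
# Deployment notes:
#   * ManagedPolicyName is hard-coded, so the stack must be created with the
#     CAPABILITY_NAMED_IAM capability, and only one copy of this stack can
#     exist per account.
#   * The policy is not attached to any role, user or group here (no Roles /
#     Users / Groups properties); consumers attach it via the PolicyARN output.
#   * The bucket and table themselves are not defined in this template.

# Quoted so YAML 1.1 parsers do not turn the value into a date object.
AWSTemplateFormatVersion: "2010-09-09"
Description: A managed policy to access the terraform state stack.

Resources:
  TerraformStatePolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: A policy to access the terraform remote state
      ManagedPolicyName: terraform-state-policy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Bucket-level permission: ListBucket applies to the bucket ARN
          # itself, not to the objects under it.
          - Effect: Allow
            Action: s3:ListBucket
            Resource: !Sub "arn:aws:s3:::terraform-state-${AWS::AccountId}"

          # Object-level permissions on every key in the bucket ("/*").
          # Any principal holding this policy can read, overwrite and delete
          # all state objects in the bucket, and state files commonly contain
          # resource attributes in plain text.
          # NOTE(review): confirm the bucket has versioning and encryption
          # enabled, since this policy allows overwrite and delete; scope the
          # Resource to a key prefix if the bucket holds more than one
          # team's state.
          - Effect: Allow
            Action:
              - s3:GetObject
              - s3:PutObject
              - s3:DeleteObject
            Resource: !Sub "arn:aws:s3:::terraform-state-${AWS::AccountId}/*"

          # Item-level access to a single table; presumably the Terraform
          # state-lock table (verify against the backend configuration).
          # NOTE(review): the region (ap-southeast-2) and the "aws" partition
          # are hard-coded in the ARN. The policy grants nothing for a table
          # of the same name in another region; confirm this is intended
          # before reusing the template elsewhere.
          - Effect: Allow
            Action:
              - dynamodb:GetItem
              - dynamodb:PutItem
              - dynamodb:DeleteItem
            Resource:
              - !Sub "arn:aws:dynamodb:ap-southeast-2:${AWS::AccountId}:table/terraform-state"

Outputs:
  PolicyARN:
    # Ref on an AWS::IAM::ManagedPolicy returns the policy ARN.
    Description: The ARN of the terraform state managed policy
    Value: !Ref TerraformStatePolicy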