Skip to main content

aws_data_credential_policy

Creates an AWS data credential policy.

This resource is a pre-requisite step for the implementation of the celerdatabyoc_aws_data_credential resource.

Example Usage

resource "celerdatabyoc_aws_data_credential_policy" "role_policy" {
   bucket = local.s3_bucket
}

data "celerdatabyoc_aws_data_credential_assume_policy" "assume_role" {}

resource "aws_iam_role" "celerdata_data_cred_role" {
  name               = "<celerdata_data_credential_role_name>"
  assume_role_policy = data.celerdatabyoc_aws_data_credential_assume_policy.assume_role.json
  description        = "<celerdata_data_credential_role_description>"
  inline_policy {
    name   = "<celerdata_data_credential_role_policy_name>"
    policy = celerdatabyoc_aws_data_credential_policy.role_policy.json
  }
}

resource "aws_iam_instance_profile" "celerdata_data_cred_profile" {
  name = "celerdata_data_cred_profile"
  role = aws_iam_role.celerdata_data_cred_role.name
}

resource "celerdatabyoc_aws_data_credential" "data_credential" {
  name = "<celerdata_data_credential_name>"
  role_arn = aws_iam_role.celerdata_data_cred_role.arn 
  instance_profile_arn = aws_iam_instance_profile.celerdata_data_cred_profile.arn
  bucket_name = local.s3_bucket
  policy_version = celerdatabyoc_aws_data_credential_policy.role_policy.version
}

Argument Reference

note

This section explains only the arguments of the celerdatabyoc_aws_data_credential_policy resource. For the explanation of arguments of other resources, see the corresponding resource topics.

This resource contains only the following required argument:

  • bucket: (Forces new resource) The name of the AWS S3 bucket for which to generate the JSON policy document and that stores query profiles. Set the value to local.s3_bucket, as we recommend that you set the bucket element as a local value s3_bucket in your Terraform configuration. See Local Values.

Attribute Reference

This resource exports the following attributes:

  • json: The JSON policy document used to create an AWS IAM policy.

  • version: Provides support for policy version comparisons, the result of which only affects newly created clusters and have no effect on existing clusters.

See Also