aws_deployment_credential_assume_policy

To ensure a successful deployment in your VPC, you must create an AWS deployment credential. For more information, see Create an AWS deployment credential.

This resource depends on the following resources and the celerdatabyoc_aws_data_credential_assume_policy data source:

• celerdatabyoc_aws_data_credential_policy
• aws_iam_role

You must have configured these resources before you can implement this resource.

This resource is a pre-requisite step for the implementation of the celerdatabyoc_aws_deployment_role_credential resource.

Example Usage

resource "celerdatabyoc_aws_data_credential_policy" "data_credential" {
   bucket = local.s3_bucket
}

data "celerdatabyoc_aws_data_credential_assume_policy" "assume_role" {}

resource "aws_iam_role" "celerdata_data_cred_role" {
  name               = "<celerdata_data_credential_role_name>"
  assume_role_policy = data.celerdatabyoc_aws_data_credential_assume_policy.assume_role.json
  description        = "<celerdata_data_credential_role_description>"
  inline_policy {
    name   = "<celerdata_data_credential_role_policy_name>"
    policy = celerdatabyoc_aws_data_credential_policy.role_policy.json
  }
}

resource "celerdatabyoc_aws_deployment_credential_policy" "role_policy" {
  bucket = local.s3_bucket
  data_role_arn = aws_iam_role.celerdata_data_cred_role.arn 
}

resource "celerdatabyoc_aws_deployment_credential_assume_policy" "role_policy" {}

resource "aws_iam_role" "deploy_cred_role" {
  name               = "<celerdata_deployment_credential_role_name>"
  assume_role_policy = celerdatabyoc_aws_deployment_credential_assume_policy.role_policy.json
  description        = "<celerdata_deployment_credential_role_description>"
  inline_policy {
    name   = "<celerdata_deployment_credential_role_policy_name>"
    policy = celerdatabyoc_aws_deployment_credential_policy.role_policy.json
  }
}

resource "celerdatabyoc_aws_deployment_role_credential" "deployment_role_credential" {
  name = "<celerdata_deployment_credential_name>"
  role_arn = aws_iam_role.deploy_cred_role.arn
  external_id = celerdatabyoc_aws_deployment_credential_assume_policy.role_policy.external_id
  policy_version = celerdatabyoc_aws_deployment_credential_policy.role_policy.version
}

Argument Reference

note

This section explains only the arguments of the celerdatabyoc_aws_deployment_credential_assume_policy resource. For the explanation of arguments of other resources, see the corresponding resource topics.

This resource exports the following attributes:

• external_id: The external_id for this policy.
• json: AWS policy json.

See Also

• celerdatabyoc_aws_deployment_credential_policy
• celerdatabyoc_aws_deployment_role_credential