aws_deployment_credential_policy
To ensure a successful deployment in your VPC, you must create an AWS deployment credential. For more information, see Create an AWS deployment credential.
This resource depends on the following resources and the celerdatabyoc_aws_data_credential_assume_policy data source:
You must have configured these resources before you can implement this resource.
This resource is a prerequisite for implementing the celerdatabyoc_aws_deployment_role_credential resource.
Example Usage
# Local value holding the S3 bucket name (placeholder; replace with your own).
locals {
  s3_bucket = "<s3_bucket_name>"
}

# Permission policy for the data credential role, scoped to the bucket.
resource "celerdatabyoc_aws_data_credential_policy" "data_credential" {
  bucket = local.s3_bucket
}

# Trust policy for the data credential role.
data "celerdatabyoc_aws_data_credential_assume_policy" "assume_role" {}

resource "aws_iam_role" "celerdata_data_cred_role" {
  name               = "<celerdata_data_credential_role_name>"
  assume_role_policy = data.celerdatabyoc_aws_data_credential_assume_policy.assume_role.json
  description        = "<celerdata_data_credential_role_description>"
  inline_policy {
    name   = "<celerdata_data_credential_role_policy_name>"
    policy = celerdatabyoc_aws_data_credential_policy.data_credential.json
  }
}

# Permission policy for the deployment credential role.
resource "celerdatabyoc_aws_deployment_credential_policy" "role_policy" {
  bucket        = local.s3_bucket
  data_role_arn = aws_iam_role.celerdata_data_cred_role.arn
}

# Trust policy for the deployment credential role; also exports the external ID.
resource "celerdatabyoc_aws_deployment_credential_assume_policy" "role_policy" {}

resource "aws_iam_role" "deploy_cred_role" {
  name               = "<celerdata_deployment_credential_role_name>"
  assume_role_policy = celerdatabyoc_aws_deployment_credential_assume_policy.role_policy.json
  description        = "<celerdata_deployment_credential_role_description>"
  inline_policy {
    name   = "<celerdata_deployment_credential_role_policy_name>"
    policy = celerdatabyoc_aws_deployment_credential_policy.role_policy.json
  }
}

resource "celerdatabyoc_aws_deployment_role_credential" "deployment_role_credential" {
  name           = "<celerdata_deployment_credential_name>"
  role_arn       = aws_iam_role.deploy_cred_role.arn
  external_id    = celerdatabyoc_aws_deployment_credential_assume_policy.role_policy.external_id
  policy_version = celerdatabyoc_aws_deployment_credential_policy.role_policy.version
}
Argument Reference
- bucket: (Forces new resource) The name of the AWS S3 bucket. Set the value to local.s3_bucket, as we recommend that you set the bucket element as a local value s3_bucket in your Terraform configuration. See Local Values.
- data_role_arn: (Forces new resource) The ARN of the IAM role referenced in the deployment credential. Set the value to aws_iam_role.celerdata_data_cred_role.arn.
Attribute Reference
This resource exports the following attributes:
- json: The JSON policy document used to create an AWS IAM policy.
- version: Provides support for policy version comparisons, the result of which only affects newly created clusters and has no effect on existing clusters.
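Because the json attribute is attached to an IAM role as-is, it is worth reviewing what it grants before applying. The following is an added example, not code from the provider or its documentation: a small Python reviewer that lists Allow grants in a policy document that reach beyond the bucket and data_role_arn passed to this resource. The function name, the sample policy, the bucket name and the role ARN are all constructed assumptions, and the S3 check assumes the standard aws partition.

```python
import json

def _as_list(value):
    """IAM allows a string or a list for Action/Resource/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def review_policy(policy_json, bucket, data_role_arn):
    """Return (sid, issue, value) tuples for Allow grants worth a manual look."""
    bucket_arn = f"arn:aws:s3:::{bucket}"  # assumes the standard "aws" partition
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        for key in ("NotAction", "NotResource"):
            if key in stmt:  # inverted matches grant everything except the list
                findings.append((sid, "inverted match", key))
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, "wildcard action", action))
        for res in _as_list(stmt.get("Resource")):
            if res == "*":
                findings.append((sid, "wildcard resource", res))
            elif res.startswith("arn:aws:s3:::"):
                # "bucket" and "bucket/..." are in scope; "bucket-logs" is not.
                if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                    findings.append((sid, "other bucket", res))
            elif ":role/" in res and res != data_role_arn:
                findings.append((sid, "other role", res))
    return findings

# Constructed sample for illustration; not the provider's real policy output.
SAMPLE_ROLE = "arn:aws:iam::111122223333:role/example-data-role"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Bucket", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "PassDataRole", "Effect": "Allow", "Action": "iam:PassRole",
         "Resource": SAMPLE_ROLE},
        {"Sid": "Compute", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Sid": "Logs", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket-logs/*"},
    ],
})

if __name__ == "__main__":
    for finding in review_policy(SAMPLE_POLICY, "example-bucket", SAMPLE_ROLE):
        print(finding)
```

A finding is a prompt for review rather than a failure: some actions only accept a wildcard resource, so each entry should be checked against what the deployment actually needs.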