Skip to main content

aws_deployment_credential_policy

To ensure a successful deployment in your VPC, you must create an AWS deployment credential. For more information, see Create an AWS deployment credential.

This resource depends on the following resources and the celerdatabyoc_aws_data_credential_assume_policy data source:

You must have configured these resources before you can implement this resource.

This resource is a pre-requisite step for the implementation of the celerdatabyoc_aws_deployment_role_credential resource.

Example Usage

resource "celerdatabyoc_aws_data_credential_policy" "data_credential" {
   bucket = local.s3_bucket
}

data "celerdatabyoc_aws_data_credential_assume_policy" "assume_role" {}

resource "aws_iam_role" "celerdata_data_cred_role" {
  name               = "<celerdata_data_credential_role_name>"
  assume_role_policy = data.celerdatabyoc_aws_data_credential_assume_policy.assume_role.json
  description        = "<celerdata_data_credential_role_description>"
  inline_policy {
    name   = "<celerdata_data_credential_role_policy_name>"
    policy = celerdatabyoc_aws_data_credential_policy.role_policy.json
  }
}

resource "celerdatabyoc_aws_deployment_credential_policy" "role_policy" {
  bucket = local.s3_bucket
  data_role_arn = aws_iam_role.celerdata_data_cred_role.arn 
}

resource "celerdatabyoc_aws_deployment_credential_assume_policy" "role_policy" {}

resource "aws_iam_role" "deploy_cred_role" {
  name               = "<celerdata_deployment_credential_role_name>"
  assume_role_policy = celerdatabyoc_aws_deployment_credential_assume_policy.role_policy.json
  description        = "<celerdata_deployment_credential_role_description>"
  inline_policy {
    name   = "<celerdata_deployment_credential_role_policy_name>"
    policy = celerdatabyoc_aws_deployment_credential_policy.role_policy.json
  }
}

resource "celerdatabyoc_aws_deployment_role_credential" "deployment_role_credential" {
  name = "<celerdata_deployment_credential_name>"
  role_arn = aws_iam_role.deploy_cred_role.arn
  external_id = celerdatabyoc_aws_deployment_credential_assume_policy.role_policy.external_id
  policy_version = celerdatabyoc_aws_deployment_credential_policy.role_policy.version
}

Argument Reference

  • bucket: (Forces new resource) The name of the AWS S3 bucket. Set the value to local.s3_bucket, as we recommend that you set the bucket element as a local value s3_bucket in your Terraform configuration. See Local Values.

  • data_role_arn: (Forces new resource) The ARN of the IAM role referenced in the deployment credential. Set the value to aws_iam_role.celerdata_data_cred_role.arn.

Attribute Reference

This resource exports the following attributes:

  • json: The JSON policy document used to create an AWS IAM policy.

  • version: Provides support for policy version comparisons, the result of which only affects newly created clusters and have no effect on existing clusters.

See Also