leslie-alldridge · November 28, 2023 05:16
diff --git a/main.tf b/main.tf
 provider "aws" {
  region = "us-east-1"
  default_tags {
    tags = {
      app           = "aws-tags"
      owner         = "tagging-team"
      cost_centre   = "platform"
      slack_channel = "#help-tagging"
    }
  }
 }

 resource "aws_security_group" "allow_tls" {
  name        = "aws-tags"
  description = "Allow TLS inbound traffic"

  ingress {
    from_port = 443
    to_port   = 443
    protocol  = "tcp"
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "my security group"
  }
 }

 # Dummy IAM resources added at the end - if it's too much code feel free to delete it and play around with the security group instead
 resource "aws_iam_role" "example" {
  name                = "yak_role"
  assume_role_policy  = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
  managed_policy_arns = [aws_iam_policy.policy_one.arn, aws_iam_policy.policy_two.arn]
 }

 resource "aws_iam_policy" "policy_one" {
  name = "policy-618033"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action   = ["ec2:Describe*"]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
 }

 resource "aws_iam_policy" "policy_two" {
  name = "policy-381966"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action   = ["s3:ListAllMyBuckets", "s3:ListBucket", "s3:HeadBucket"]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
 }
	provider "aws" {
	region = "us-east-1"
	default_tags {
	tags = {
	app = "aws-tags"
	owner = "tagging-team"
	cost_centre = "platform"
	slack_channel = "#help-tagging"
	}
	}
	}

	resource "aws_security_group" "allow_tls" {
	name = "aws-tags"
	description = "Allow TLS inbound traffic"

	ingress {
	from_port = 443
	to_port = 443
	protocol = "tcp"
	}

	egress {
	from_port = 0
	to_port = 0
	protocol = "-1"
	cidr_blocks = ["0.0.0.0/0"]
	ipv6_cidr_blocks = ["::/0"]
	}

	tags = {
	Name = "my security group"
	}
	}

	# Dummy IAM resources added at the end - if it's too much code feel free to delete it and play around with the security group instead
	resource "aws_iam_role" "example" {
	name = "yak_role"
	assume_role_policy = jsonencode({
	Version = "2012-10-17"
	Statement = [
	{
	Action = "sts:AssumeRole"
	Effect = "Allow"
	Sid = ""
	Principal = {
	Service = "ec2.amazonaws.com"
	}
	},
	]
	})
	managed_policy_arns = [aws_iam_policy.policy_one.arn, aws_iam_policy.policy_two.arn]
	}

	resource "aws_iam_policy" "policy_one" {
	name = "policy-618033"

	policy = jsonencode({
	Version = "2012-10-17"
	Statement = [
	{
	Action = ["ec2:Describe*"]
	Effect = "Allow"
	Resource = "*"
	},
	]
	})
	}

	resource "aws_iam_policy" "policy_two" {
	name = "policy-381966"

	policy = jsonencode({
	Version = "2012-10-17"
	Statement = [
	{
	Action = ["s3:ListAllMyBuckets", "s3:ListBucket", "s3:HeadBucket"]
	Effect = "Allow"
	Resource = "*"
	},
	]
	})
	}