removing old dns iam things while new testing domain populates ns servers on vultr
This commit is contained in:
parent
f896e9a3ff
commit
2cd95902a5
@ -1,66 +1,4 @@
|
|||||||
# Policy to allow VKE to mess with our DNS stuff
|
resource vultr_dns_domain temprah_lab {
|
||||||
################################################
|
domain = var.lab_domain
|
||||||
data aws_iam_policy_document vke {
|
ip = vultr_kubernetes.athens.ip
|
||||||
version = "2012-10-17"
|
|
||||||
statement {
|
|
||||||
effect = "Allow"
|
|
||||||
actions = [
|
|
||||||
"route53:ChangeResourceRecordSets"
|
|
||||||
]
|
|
||||||
resources = [
|
|
||||||
"arn:aws:route53:::hostedzone/*"
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
statement {
|
|
||||||
effect = "Allow"
|
|
||||||
actions = [
|
|
||||||
"route53:ListHostedZones",
|
|
||||||
"route53:ListResourceRecordSets",
|
|
||||||
"route53:ListTagsForResource"
|
|
||||||
]
|
|
||||||
resources = [ "*" ]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
resource aws_iam_policy vke {
|
|
||||||
name = "vke-dns-pol"
|
|
||||||
policy = data.aws_iam_policy_document.vke.json
|
|
||||||
}
|
|
||||||
|
|
||||||
# Here we have the assume (required) for the role to assume a principal
|
|
||||||
#######################################################################
|
|
||||||
data aws_iam_policy_document assume {
|
|
||||||
statement {
|
|
||||||
actions = [ "sts:AssumeRole" ]
|
|
||||||
principals {
|
|
||||||
type = "Service"
|
|
||||||
identifiers = [ "ec2.amazonaws.com" ]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource aws_iam_role vke {
|
|
||||||
name = "vke-dns-role"
|
|
||||||
assume_role_policy = data.aws_iam_policy_document.assume.json
|
|
||||||
}
|
|
||||||
|
|
||||||
# Finally we attach the role and policy together
|
|
||||||
resource aws_iam_role_policy_attachment vke {
|
|
||||||
role = aws_iam_role.vke.name
|
|
||||||
policy_arn = aws_iam_policy.vke.arn
|
|
||||||
}
|
|
||||||
|
|
||||||
# Next we create a user with these permissions
|
|
||||||
|
|
||||||
resource aws_iam_user vke {
|
|
||||||
name = "vke-dns-user"
|
|
||||||
path = "/"
|
|
||||||
tags = {
|
|
||||||
Name = "vke-dns-user"
|
|
||||||
Description = "For VKE to update DNS records"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource aws_iam_access_key vke {
|
|
||||||
user = aws_iam_user.vke.name
|
|
||||||
}
|
|
||||||
|
|
||||||
|
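Review bot: The new `vultr_dns_domain.temprah_lab` resource sets `ip = vultr_kubernetes.athens.ip`; on the Vultr provider that argument, as far as I recall, publishes a default A record at the zone apex pointing at the cluster, so if the intent is only to let the delegation settle while the domain is being tested, omitting `ip` keeps the apex unpublished until explicit record resources are added. If the provider version in use supports the `dns_sec` argument on this resource, enabling it for a zone that will carry cluster records is worth considering. A one-line comment such as `# lab zone on Vultr; var.lab_domain must be delegated to Vultr's nameservers before records resolve` above the resource would record the dependency the commit message describes. The removed `aws_iam_access_key.vke` was exposed through outputs, so earlier Terraform state snapshots still hold that secret; destroying the resource deletes the key on apply, but those state copies should still be treated as sensitive. Which side of this rendered section each line belongs to is inferred from the hunk counts (-66 +4), not from a surviving marker.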
@ -1,11 +0,0 @@
|
|||||||
# Need to get access to those creds for the vke user
|
|
||||||
|
|
||||||
output vke_secret_id {
|
|
||||||
value = aws_iam_access_key.vke.id
|
|
||||||
sensitive = true
|
|
||||||
}
|
|
||||||
|
|
||||||
output vke_secret_key {
|
|
||||||
value = aws_iam_access_key.vke.secret
|
|
||||||
sensitive = true
|
|
||||||
}
|
|
@ -33,3 +33,9 @@ variable cluster {
|
|||||||
})
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable lab_domain {
|
||||||
|
type = string
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
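Review bot: `variable lab_domain` is declared with only `type = string`, yet its value becomes the public DNS zone name created on Vultr, so it deserves a `description`, e.g. `description = "Bare domain name (no scheme, no trailing dot) of the lab DNS zone to create on Vultr"`. A `validation` block whose `condition` rejects an empty string and values containing a scheme, path or trailing dot would surface a bad tfvars value at plan time instead of as a provider error. The enclosing `variable cluster` block starts outside the hunk.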