removing old dns iam things while new testing domain populates ns servers on vultr
This commit is contained in:
parent
f896e9a3ff
commit
2cd95902a5
@ -1,66 +1,4 @@
|
||||
# Policy to allow VKE to mess with our DNS stuff
|
||||
################################################
|
||||
data aws_iam_policy_document vke {
|
||||
version = "2012-10-17"
|
||||
statement {
|
||||
effect = "Allow"
|
||||
actions = [
|
||||
"route53:ChangeResourceRecordSets"
|
||||
]
|
||||
resources = [
|
||||
"arn:aws:route53:::hostedzone/*"
|
||||
]
|
||||
resource vultr_dns_domain temprah_lab {
|
||||
domain = var.lab_domain
|
||||
ip = vultr_kubernetes.athens.ip
|
||||
}
|
||||
statement {
|
||||
effect = "Allow"
|
||||
actions = [
|
||||
"route53:ListHostedZones",
|
||||
"route53:ListResourceRecordSets",
|
||||
"route53:ListTagsForResource"
|
||||
]
|
||||
resources = [ "*" ]
|
||||
}
|
||||
}
|
||||
resource aws_iam_policy vke {
|
||||
name = "vke-dns-pol"
|
||||
policy = data.aws_iam_policy_document.vke.json
|
||||
}
|
||||
|
||||
# Here we have the assume (required) for the role to assume a principal
|
||||
#######################################################################
|
||||
data aws_iam_policy_document assume {
|
||||
statement {
|
||||
actions = [ "sts:AssumeRole" ]
|
||||
principals {
|
||||
type = "Service"
|
||||
identifiers = [ "ec2.amazonaws.com" ]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource aws_iam_role vke {
|
||||
name = "vke-dns-role"
|
||||
assume_role_policy = data.aws_iam_policy_document.assume.json
|
||||
}
|
||||
|
||||
# Finally we attach the role and policy together
|
||||
resource aws_iam_role_policy_attachment vke {
|
||||
role = aws_iam_role.vke.name
|
||||
policy_arn = aws_iam_policy.vke.arn
|
||||
}
|
||||
|
||||
# Next we create a user with these permissions
|
||||
|
||||
resource aws_iam_user vke {
|
||||
name = "vke-dns-user"
|
||||
path = "/"
|
||||
tags = {
|
||||
Name = "vke-dns-user"
|
||||
Description = "For VKE to update DNS records"
|
||||
}
|
||||
}
|
||||
|
||||
resource aws_iam_access_key vke {
|
||||
user = aws_iam_user.vke.name
|
||||
}
|
||||
|
||||
|
@ -1,11 +0,0 @@
|
||||
# Need to get access to those creds for the vke user
|
||||
|
||||
output vke_secret_id {
|
||||
value = aws_iam_access_key.vke.id
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
output vke_secret_key {
|
||||
value = aws_iam_access_key.vke.secret
|
||||
sensitive = true
|
||||
}
|
@ -33,3 +33,9 @@ variable cluster {
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
variable lab_domain {
|
||||
type = string
|
||||
}
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user