removing old dns iam things while new testing domain populates ns servers on vultr

shockrah 2024-02-19 16:51:19 -08:00
parent f896e9a3ff
commit 2cd95902a5
3 changed files with 9 additions and 76 deletions


@ -1,66 +1,4 @@
# Policy to allow VKE to mess with our DNS stuff
################################################
data aws_iam_policy_document vke {
version = "2012-10-17"
statement {
effect = "Allow"
actions = [
"route53:ChangeResourceRecordSets"
]
resources = [
"arn:aws:route53:::hostedzone/*"
]
resource vultr_dns_domain temprah_lab {
domain = var.lab_domain
ip = vultr_kubernetes.athens.ip
}
statement {
effect = "Allow"
actions = [
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
"route53:ListTagsForResource"
]
resources = [ "*" ]
}
}
resource aws_iam_policy vke {
name = "vke-dns-pol"
policy = data.aws_iam_policy_document.vke.json
}
# Here we have the assume (required) for the role to assume a principal
#######################################################################
data aws_iam_policy_document assume {
statement {
actions = [ "sts:AssumeRole" ]
principals {
type = "Service"
identifiers = [ "ec2.amazonaws.com" ]
}
}
}
resource aws_iam_role vke {
name = "vke-dns-role"
assume_role_policy = data.aws_iam_policy_document.assume.json
}
# Finally we attach the role and policy together
resource aws_iam_role_policy_attachment vke {
role = aws_iam_role.vke.name
policy_arn = aws_iam_policy.vke.arn
}
# Next we create a user with these permissions
resource aws_iam_user vke {
name = "vke-dns-user"
path = "/"
tags = {
Name = "vke-dns-user"
Description = "For VKE to update DNS records"
}
}
resource aws_iam_access_key vke {
user = aws_iam_user.vke.name
}
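Review bot: The added `vultr_dns_domain.temprah_lab` sets `ip = vultr_kubernetes.athens.ip`, which, as far as I know from the Vultr provider, is the address of the cluster control plane. The zone's default A record for `var.lab_domain` would then publish the Kubernetes API endpoint rather than an ingress or load balancer address. If that is not intended, drop the `ip` argument so the zone is created without records, and add explicit `vultr_dns_record` resources for the hosts that should resolve. Separately, the removed `aws_iam_access_key.vke` secret was held in Terraform state, so after apply it is worth confirming that the key is gone from IAM and that older state copies are access-restricted.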


@ -1,11 +0,0 @@
# Need to get access to those creds for the vke user
output vke_secret_id {
value = aws_iam_access_key.vke.id
sensitive = true
}
output vke_secret_key {
value = aws_iam_access_key.vke.secret
sensitive = true
}


@ -33,3 +33,9 @@ variable cluster {
})
})
}
variable lab_domain {
type = string
}
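Review bot: `variable lab_domain` has no `description` and no `validation`, yet it supplies the `domain` of the new Vultr DNS zone, so an empty or mistyped value would only surface at apply time. I would add `description = "Apex domain of the lab DNS zone created on Vultr"` and a `validation` block that rejects an empty string or a value with a trailing dot.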