|
1 | 1 | # -- cert-manager-ocp-massopen ------------------------------------------------ |
2 | 2 |
|
3 | | -data "aws_route53_zone" "ocp_massopen_cloud" { |
4 | | - name = "ocp.massopen.cloud" |
5 | | -} |
6 | | - |
7 | | -data "aws_iam_policy_document" "cert_manager_ocp_massopen" { |
8 | | - statement { |
9 | | - sid = "ManageRecords" |
10 | | - effect = "Allow" |
11 | | - actions = [ |
12 | | - "route53:ChangeResourceRecordSets", |
13 | | - "route53:ListResourceRecordSets", |
14 | | - ] |
15 | | - resources = [data.aws_route53_zone.ocp_massopen_cloud.arn] |
16 | | - } |
17 | | - |
18 | | - statement { |
19 | | - sid = "GetChange" |
20 | | - effect = "Allow" |
21 | | - actions = ["route53:GetChange"] |
22 | | - resources = ["arn:aws:route53:::change/*"] |
23 | | - } |
24 | | - |
25 | | - statement { |
26 | | - sid = "ListZones" |
27 | | - effect = "Allow" |
28 | | - actions = [ |
29 | | - "route53:ListHostedZones", |
30 | | - "route53:ListHostedZonesByName", |
31 | | - ] |
32 | | - resources = ["*"] |
33 | | - } |
34 | | -} |
35 | | - |
36 | | -resource "aws_iam_policy" "cert_manager_ocp_massopen" { |
37 | | - name = "ocp-massopen-cloud" |
38 | | - description = "modify records in ocp.massopen.cloud mainly for the purposes for dns01 challenged." |
39 | | - policy = data.aws_iam_policy_document.cert_manager_ocp_massopen.json |
| 3 | +module "route53_policy_ocp_massopen" { |
| 4 | + source = "../modules/route53-policy" |
| 5 | + zone_name = "ocp.massopen.cloud" |
| 6 | + policy_name = "ocp-massopen-cloud" |
| 7 | + policy_description = "modify records in ocp.massopen.cloud mainly for the purposes for dns01 challenged." |
40 | 8 | } |
41 | 9 |
|
42 | 10 | module "cert_manager_ocp_massopen" { |
43 | 11 | source = "../modules/iam-user" |
44 | 12 | name = "cert-manager-ocp-massopen" |
45 | 13 | policy_arns = { |
46 | | - ocp-massopen-cloud = aws_iam_policy.cert_manager_ocp_massopen.arn |
| 14 | + ocp-massopen-cloud = module.route53_policy_ocp_massopen.policy_arn |
47 | 15 | } |
48 | 16 | tags = { |
49 | 17 | "AKIAYLUGMT7YKZRT4APO" = "cert-manager-nist-clusters" |
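Review bot: Nothing in this section tells Terraform that the existing `aws_iam_policy.cert_manager_ocp_massopen` now lives inside `module.route53_policy_ocp_massopen`. Unless a `moved` block or a manual state move exists elsewhere, the plan will probably destroy and re-create the policy, leaving the cert-manager user without Route 53 permissions in between, which could fail a DNS-01 issuance or renewal. A `moved` block with `from = aws_iam_policy.cert_manager_ocp_massopen` and `to = module.route53_policy_ocp_massopen.aws_iam_policy.<RESOURCE_NAME_IN_MODULE>` would keep the existing policy and its attachment in place. The body of `../modules/route53-policy` is not shown here, so it is worth confirming in the plan output that `route53:ChangeResourceRecordSets` is still limited to the ARN of the zone looked up from `zone_name`, as in the removed `ManageRecords` statement, and has not widened to `*`. The `module "cert_manager_ocp_massopen"` block continues past the end of this hunk.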
|