From a3139306d145797a2d59af22505f77631d8a1788 Mon Sep 17 00:00:00 2001
From: Mojo Talantikite
Date: Mon, 24 Jul 2023 14:51:16 -0400
Subject: [PATCH] add iam and instance profile to vm
---
 services/postgres/serverless.yml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/services/postgres/serverless.yml b/services/postgres/serverless.yml
index 32a3f70ea0..f3131b5fbe 100644
--- a/services/postgres/serverless.yml
+++ b/services/postgres/serverless.yml
@@ -183,6 +183,7 @@ resources:
 Properties:
 InstanceType: t2.micro
 ImageId: ami-05bfc1ab11bfbf484
+ IamInstanceProfile: !Ref PgVMIAMInstanceProfile
 KeyName: 'mojo'
 NetworkInterfaces:
 - AssociatePublicIpAddress: true
@@ -193,6 +194,7 @@ resources:
 UserData:
 Fn::Base64: !Sub |
 #!/bin/bash
+ sudo apt install awscli -y
 aws s3 cp s3://${PostgresVMScriptsBucket}/scripts/vm-startup.sh /usr/local/bin/vm-startup.sh
 aws s3 cp s3://${PostgresVMScriptsBucket}/scripts/vm-shutdown.sh /usr/local/bin/vm-shutdown.sh
 aws s3 cp s3://${PostgresVMScriptsBucket}/scripts/slack-notify.service /etc/systemd/system/notify-slack.service
@@ -200,6 +202,32 @@ resources:
 chmod +x /usr/local/bin/vm-shutdown.sh
 chmod +x /etc/systemd/system/notify-slack.service
+ PgVMIAMRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: ec2.amazonaws.com
+ Action: sts:AssumeRole
+ Policies:
+ - PolicyName: 's3Access'
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: 'Allow'
+ Action:
+ - 's3:GetObject'
+ Resource: !GetAtt PostgresVMScriptsBucket.Arn
+ PgVMIAMInstanceProfile:
+ Type: AWS::IAM::InstanceProfile
+ Properties:
+ Roles:
+ - !Ref PgVMIAMRole
 PostgresVmSg:
 Type: 'AWS::EC2::SecurityGroup'
 Properties:
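Review bot: The new `IamInstanceProfile: !Ref PgVMIAMInstanceProfile` line puts role credentials behind the instance metadata service, but the hunk adds no `MetadataOptions`, so those credentials stay retrievable with a plain IMDSv1 request from any process on the VM. Next to the new line add `MetadataOptions:` / `  HttpTokens: required` (optionally `  HttpPutResponseHopLimit: 1`) so a session token is required before the metadata endpoint returns anything. The enclosing AWS::EC2::Instance resource starts before this hunk and continues after it.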
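Review bot: `sudo apt install awscli -y` runs without a package-index refresh and without `DEBIAN_FRONTEND=noninteractive`, so on a fresh AMI the install can fail on a stale index or stall on a prompt, and since the script has no `set -e` the `aws s3 cp` lines that follow still run, now without a CLI, and fail quietly. Suggest `export DEBIAN_FRONTEND=noninteractive` / `apt-get update -y && apt-get install -y awscli` in its place, plus `set -euo pipefail` directly after the shebang so a failed install aborts the boot script rather than continuing. `sudo` is presumably redundant because user data is executed as root, but that is inferred rather than visible here. Because the hunk below makes the fetched files executable, write access to the scripts bucket is effectively code execution on this VM; a comment on the `UserData` block stating that dependency would help whoever reviews the bucket policy.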
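Review bot: `Resource: !GetAtt PostgresVMScriptsBucket.Arn` names the bucket ARN, but `s3:GetObject` is evaluated against object ARNs, so this statement grants nothing the `aws s3 cp` calls in the user data can use and they will be denied. Change it to the object prefix the script actually reads, `Resource: !Sub '${PostgresVMScriptsBucket.Arn}/scripts/*'`, which also keeps the grant scoped to that prefix instead of the entire bucket. Quoting is inconsistent inside the same policy (`Effect: Allow` beside `Effect: 'Allow'`, `Action: sts:AssumeRole` beside `'s3:GetObject'`); pick one style for the role.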