From a6a46d82d21c34be273ded705334fd9c1dc05ba2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan-Arve=20Nyg=C3=A5rd?=
Date: Fri, 22 Nov 2024 07:40:50 +0100
Subject: [PATCH] Defined permissionsboundary for resources
---
 terraform-modules/cur-setup-source/main.tf | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/terraform-modules/cur-setup-source/main.tf b/terraform-modules/cur-setup-source/main.tf
index 04943f52..e2379819 100644
--- a/terraform-modules/cur-setup-source/main.tf
+++ b/terraform-modules/cur-setup-source/main.tf
@@ -216,9 +216,10 @@ data "aws_iam_policy_document" "replication" {
 }
 resource "aws_iam_role" "replication" {
- name_prefix = "${var.resource_prefix}-replication"
- path = "/${var.resource_prefix}/"
- assume_role_policy = data.aws_iam_policy_document.s3_assume_role.json
+ name_prefix = "${var.resource_prefix}-replication"
+ path = "/${var.resource_prefix}/"
+ permissions_boundary = var.permissionsboundary_arn
+ assume_role_policy = data.aws_iam_policy_document.s3_assume_role.json
 inline_policy {
 name = "S3Replication"
 policy = data.aws_iam_policy_document.replication.json
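Review bot: The added `permissions_boundary = var.permissionsboundary_arn` on `aws_iam_role.replication` relies on a variable this patch does not declare (only main.tf changes), so its type and default cannot be checked from here. If it defaults to `null`, Terraform omits the attribute and the role is created with no boundary, with nothing in the plan flagging that. If the boundary is meant to be mandatory, the variable should have no default, or carry a `validation` block that rejects `null` and empty strings. A comment above the attribute would also help, e.g. `# Caps what the S3Replication inline policy can grant; null leaves the role unbounded`. The subject says "resources", but this hunk covers only the replication role, so any other IAM roles in the module presumably need the same attribute. The resource block continues past the end of the hunk.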