Add permission for session manager central monitoring
TomJKing committed Feb 7, 2025
1 parent 4bd4044 commit 3903bc7
Showing 4 changed files with 11 additions and 2 deletions.
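--- a/terraform/bastion/root.tf
+++ b/terraform/bastion/root.tf
@@ -15,6 +15,11 @@ resource "aws_iam_role" "bastion_db_connect_role" {
 assume_role_policy = templatefile("${path.module}/templates/bastion_access_db_assume_role.json.tpl", { account_id = data.aws_caller_identity.current.account_id, environment = title(local.environment) })
 }
 
+resource "aws_iam_role_policy_attachment" "org_session_manager_logs_policy_attach" {
+policy_arn = data.aws_iam_policy.org-session-manager-logs.arn
+role = data.aws_iam_role.bastion_role.name
+}
+
 resource "aws_iam_policy" "bastion_db_connect_policy" {
 name = "TDRBastionAccessDbPolicy${title(local.environment)}"
 policy = templatefile("${path.module}/templates/bastion_access_db_policy.json.tpl", { account_id = data.aws_caller_identity.current.account_id, instance_id = data.aws_db_instance.consignment_api.resource_id })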
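Review bot: The new `aws_iam_role_policy_attachment` gives the bastion role a managed policy whose statements are not defined anywhere in this commit, so the effective permission change cannot be read from the module. I would add a comment above the resource, for example `# org-session-manager-logs is managed outside this module; it lets Session Manager deliver session logs for central monitoring`, and confirm during review that the policy's actions and resources are limited to the central log destination. `data.aws_iam_role.bastion_role` is declared outside the hunk, so which role actually receives the policy cannot be checked from the lines shown here.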
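--- a/terraform/bastion/root_data.tf
+++ b/terraform/bastion/root_data.tf
@@ -59,3 +59,7 @@ data "aws_security_group" "db_security_group" {
 data "aws_security_group" "efs_export_security_group" {
 name = "export-efs-mount-target-security-group"
 }
+
+data "aws_iam_policy" "org-session-manager-logs" {
+arn = "arn:aws:iam::${var.tdr_account_number}:policy/org-session-manager-logs"
+}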
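Review bot: The ARN in the new `aws_iam_policy` data source is built from `var.tdr_account_number`, while root.tf in the same module takes the account from `data.aws_caller_identity.current.account_id`. A customer-managed policy can only be attached to a role in its own account, so if the variable ever differs from the account being applied to, the lookup or the attachment would presumably fail at plan/apply time. Using `arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/org-session-manager-logs"` removes that dependency; otherwise a comment should state why the variable is the right source. As a style point, the label `org-session-manager-logs` uses hyphens where the neighbouring data sources (`db_security_group`, `efs_export_security_group`) use underscores.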
2 changes: 1 addition & 1 deletion terraform/bastion/tdr-configurations
