feat: add iam role for aws-terraform runner (#627)

* feat: add iam role for aws-terraform runner * style: terraform fmt
liatrio · Oct 12, 2022 · 46fc716 · 46fc716
1 parent b2c653f
commit 46fc716
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/stages/cloud-provider/aws/sharedsvc/github-runners.tf b/stages/cloud-provider/aws/sharedsvc/github-runners.tf
@@ -29,3 +29,18 @@ module "lead_terraform_pipeline_iam" {
  namespace = var.github_runners_namespace
  roles = var.lead_terraform_pipeline_roles
 }
+
+module "lead_terraform_github_runner_iam" {
+ source = "../../../../modules/environment/aws/iam/github-runner-iam"
+
+ name = "liatrio-aws-terraform-runners"
+ service_account_name = "liatrio-aws-terraform-runners"
+ aws_iam_openid_connect_provider_arn = module.eks.aws_iam_openid_connect_provider_arn
+ aws_iam_openid_connect_provider_url = module.eks.aws_iam_openid_connect_provider_url
+ namespace = var.github_runners_namespace
+ roles = [
+ "arn:aws:iam::489130170427:role/Developer", // prod
+ "arn:aws:iam::281127131043:role/Developer", // non-prod
+ "arn:aws:iam::774051255656:role/Developer", // sandbox
+ ]
+}
diff --git a/stages/cloud-provider/aws/sharedsvc/outputs.tf b/stages/cloud-provider/aws/sharedsvc/outputs.tf
@@ -71,6 +71,10 @@ output "lead_terraform_pipeline_service_account_arn" {
  value = module.lead_terraform_pipeline_iam.role_arn
 }
 
+output "aws_terraform_github_iam_role_arn" {
+ value = module.lead_terraform_github_runner_iam.role_arn
+}
+
 output "atlantis_service_account_arn" {
  value = aws_iam_role.atlantis_service_account.arn
 }