added terrafrom configs

111111111111/iam/roles/data.tf

@@ -0,0 +1,10 @@
+data "template_file" "s3_policy" {
+  template = file("../../templates/s3_bucker_access.tpl")
+}
+
+data "template_file" "asume_role" {
+  template = file("../../templates/assume_role.tpl")
+    vars = {
+    dev_account_id = var.dev_account_id
+  }
+}

111111111111/iam/roles/main.tf

@@ -0,0 +1,24 @@
+terraform {
+  backend "s3" {
+    profile = "terra"
+    bucket  = "mytesting-tf-states"
+    key     = "111111111111/iam/roles/terraform.tfstate"
+    region  = "eu-west-1"
+  }
+}
+
+
+resource "aws_iam_policy" "s3_bucker_access_policy" {
+  name        = "s3_bucker_access_policy"
+  path        = "/"
+  description = "s3_bucker_access_policy"
+
+  policy = data.template_file.s3_policy.rendered
+}
+
+resource "aws_iam_role" "role_c" {
+  name = "role_c"
+
+  assume_role_policy  = data.template_file.asume_role.rendered
+  managed_policy_arns = [aws_iam_policy.s3_bucker_access_policy.arn]
+}

111111111111/iam/roles/provider.tf

@@ -0,0 +1,4 @@
+provider "aws" {
+  region  = var.region
+  profile = "monit"
+} 

111111111111/iam/roles/variables.tf

@@ -0,0 +1,7 @@
+variable "region" {
+  default = "eu-west-1"
+}
+
+variable "dev_account_id" {
+  default = "449091252457"
+}

111111111111/templates/assume_role.tpl

@@ -0,0 +1,13 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": "arn:aws:iam::${dev_account_id}:root"
+            },
+            "Action": "sts:AssumeRole",
+            "Condition": {}
+        }
+    ]
+}

111111111111/templates/s3_bucker_access.tpl

@@ -0,0 +1,27 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": "s3:ListAllMyBuckets",
+            "Resource": "*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:ListBucket",
+                "s3:GetBucketLocation"
+            ],
+            "Resource": "arn:aws:s3:::monit-aws-test-bucket"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:GetObject",
+                "s3:PutObject",
+                "s3:DeleteObject"
+            ],
+            "Resource": "arn:aws:s3:::monit-aws-test-bucket/*"
+        }
+    ]
+}