Merge pull request #42 from Homebrew/cleanup

iMichka · web-flow · commit ca0ce74671fd · 2025-04-09T08:38:27.000+02:00
roles: cleanup and import
diff --git a/aws/roles.tf b/aws/roles.tf
@@ -11,13 +11,6 @@ data "aws_iam_policy_document" "codebuild_policy_document" {
       "s3:Put*",
       "s3:DeleteObject",
       "s3:DeleteObjectVersion",
-      "ecs:*",
-      "ecr:*",
-      "apigateway:*",
-      "elasticloadbalancing:*",
-      "iam:DeleteGroupMembership",
-      "iam:DetachRolePolicy",
-      "iam:DeletePolicy"
     ]
     resources = [
       "arn:aws:s3:::homebrew-terraform-state/*",
@@ -29,7 +22,12 @@ data "aws_iam_policy_document" "codebuild_policy_document" {
     effect = "Allow"
     actions = [
       "iam:*",
-      "sso:TagResource"
+      "sso:TagResource",
+      "ecs:*",
+      "ecr:*",
+      "apigateway:*",
+      "elasticloadbalancing:*",
+      "identitystore:*"
     ]
     resources = ["*"]
   }
diff --git a/import.tf b/import.tf
@@ -45,3 +45,8 @@ import {
   to = module.aws.aws_iam_openid_connect_provider.github_actions
   id = "arn:aws:iam::765021812025:oidc-provider/token.actions.githubusercontent.com"
 }
+
+import {
+  to = module.aws.aws_iam_role.github_tf
+  id = "GitHubActionsRole"
+}

Original file line number	Diff line number	Diff line change
`@@ -45,3 +45,8 @@ import {`
`45`	`45`	`to = module.aws.aws_iam_openid_connect_provider.github_actions`
`46`	`46`	`id = "arn:aws:iam::765021812025:oidc-provider/token.actions.githubusercontent.com"`
`47`	`47`	`}`
	`48`	`+`
	`49`	`+import {`
	`50`	`+ to = module.aws.aws_iam_role.github_tf`
	`51`	`+ id = "GitHubActionsRole"`
	`52`	`+}`