github role: remove admin rights

iMichka · iMichka · commit e92ab6e8b4a6 · 2025-04-14T13:35:40.000+02:00
In theory now that the attached policy (opentofu_policy) has enough permissions (iam, identitystore),
we do not need full admin right anymore
diff --git a/aws/roles.tf b/aws/roles.tf
@@ -85,8 +85,3 @@ resource "aws_iam_role_policy_attachment" "github_tf_opentofu_policy_attachment"
   role       = aws_iam_role.github_tf.name
   policy_arn = aws_iam_policy.opentofu_policy.arn
 }
-
-resource "aws_iam_role_policy_attachment" "github_tf_administrator_policy_attachment" {
-  role       = aws_iam_role.github_tf.name
-  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
-}

Original file line number	Diff line number	Diff line change
`@@ -85,8 +85,3 @@ resource "aws_iam_role_policy_attachment" "github_tf_opentofu_policy_attachment"`
`85`	`85`	`role = aws_iam_role.github_tf.name`
`86`	`86`	`policy_arn = aws_iam_policy.opentofu_policy.arn`
`87`	`87`	`}`
`88`		`-`
`89`		`-resource "aws_iam_role_policy_attachment" "github_tf_administrator_policy_attachment" {`
`90`		`- role = aws_iam_role.github_tf.name`
`91`		`- policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"`
`92`		`-}`