✨ #14 Serverlessデプロイ用のIAMユーザーが必要なので14-iamを追加

modules/aws/iam/files/policy/serverless-deploy-policy.json

@@ -0,0 +1,81 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iam:*"
+      ],
+      "Resource": [
+        "*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "cognito-identity:*",
+        "cognito-sync:*",
+        "cognito-idp:*"
+      ],
+      "Resource": [
+        "*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "lambda:*",
+      "Resource": [
+        "*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "cloudformation:*",
+      "Resource": [
+        "*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "s3:*",
+      "Resource": [
+        "*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "logs:*",
+      "Resource": [
+        "*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "sts:*",
+      "Resource": [
+        "*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "apigateway:*",
+      "Resource": [
+        "*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "events:*",
+      "Resource": [
+        "*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "cloudfront:*",
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}

modules/aws/iam/main.tf

@@ -0,0 +1,15 @@
+resource "aws_iam_user" "serverless_deploy_user" {
+  name          = var.serverless_deploy_user_name
+  force_destroy = true
+}
+
+resource "aws_iam_policy" "serverless_deploy_policy" {
+  name        = "${var.serverless_deploy_user_name}-policy"
+  description = "${var.serverless_deploy_user_name}-policy"
+  policy      = file("../../../../../modules/aws/iam/files/policy/serverless-deploy-policy.json")
+}
+
+resource "aws_iam_user_policy_attachment" "serverless_deploy_policy_attach" {
+  user       = aws_iam_user.serverless_deploy_user.name
+  policy_arn = aws_iam_policy.serverless_deploy_policy.arn
+}

modules/aws/iam/variables.tf

@@ -0,0 +1,3 @@
+variable "serverless_deploy_user_name" {
+  type = string
+}

providers/aws/environments/prod/14-iam/backend.tf

@@ -0,0 +1,8 @@
+terraform {
+  backend "s3" {
+    bucket  = "lgtm-cat-tfstate"
+    key     = "iam/terraform.tfstate"
+    region  = "ap-northeast-1"
+    profile = "lgtm-cat"
+  }
+}

providers/aws/environments/prod/14-iam/main.tf

@@ -0,0 +1,4 @@
+module "iam" {
+  source                      = "../../../../../modules/aws/iam"
+  serverless_deploy_user_name = local.serverless_deploy_user_name
+}

providers/aws/environments/prod/14-iam/provider.tf

@@ -0,0 +1,4 @@
+provider "aws" {
+  region  = "ap-northeast-1"
+  profile = "lgtm-cat"
+}

providers/aws/environments/prod/14-iam/variables.tf

@@ -0,0 +1,4 @@
+locals {
+  env                         = "prod"
+  serverless_deploy_user_name = "${local.env}-serverless-deploy"
+}

providers/aws/environments/prod/14-iam/versions.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_version = "0.14.7"
+
+  required_providers {
+    aws = "3.29.0"
+  }
+}

terraform-init.sh

@@ -7,6 +7,7 @@ tfstateDirList='
 /data/providers/aws/environments/prod/11-images
 /data/providers/aws/environments/prod/12-vercel
 /data/providers/aws/environments/prod/13-txt
+/data/providers/aws/environments/prod/14-iam
 '
 
 for tfstateDir in ${tfstateDirList}; do