Output RDS params policy

FIAP-3SOAT-G15 · Mar 16, 2024 · 9bf1014 · 9bf1014
1 parent 510d55e
commit 9bf1014
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 3 deletions.
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -55,21 +55,39 @@ module "security_group" {
 
   ingress_with_cidr_blocks = [
     {
-      from_port   = 5432
-      to_port     = 5432
+      from_port   = local.port
+      to_port     = local.port
       protocol    = "tcp"
       cidr_blocks = data.terraform_remote_state.tech-challenge.outputs.vpc_cidr_block
     },
   ]
 }
 
-module "ssm_parameters" {
+module "rds_params" {
   source = "terraform-aws-modules/ssm-parameter/aws"
   name   = "/live/selfordermanagement/db"
   type   = "String"
+
   value = jsonencode({
     name : local.name,
     endpoint : module.db.db_instance_endpoint,
     port : local.port
   })
 }
+
+resource "aws_iam_policy" "rds_params_read_only_policy" {
+  name = "TechChallengeRDSParamsReadOnlyPolicy"
+
+  policy = jsonencode({
+    Version = "2022-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "ssm:GetParameters"
+        ],
+        Resource = aws_iam_policy.rds_params_read_only_policy.arn
+      }
+    ]
+  })
+}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -2,3 +2,8 @@ output "db_instance_master_user_secret_arn" {
   description = "The ARN of the master user secret (Only available when manage_master_user_password is set to true)"
   value       = module.db.db_instance_master_user_secret_arn
 }
+
+output "rds_params_read_only_policy_arn" {
+  description = "The ARN of the RDS params"
+  value       = aws_iam_policy.rds_params_read_only_policy.arn
+}