add missing data.tf file for data.aws_iam_policy_document.support_assume_policy

wesleung · wesleung · commit 4f93a440c2a5 · 2024-04-17T17:15:52.000-07:00
diff --git a/modules/baseline_iam/data.tf b/modules/baseline_iam/data.tf
@@ -0,0 +1,12 @@
+data "aws_caller_identity" "current" {}
+
+data  "aws_iam_policy_document" "support_assume_policy" {
+  statement {
+    sid     = "supportpolicy"
+    actions     = ["sts:AssumeRole"]
+    principals  {
+      type    = "AWS"
+      identifiers = [data.aws_caller_identity.current.id]
+    }
+  }
+}
diff --git a/modules/baseline_iam/main.tf b/modules/baseline_iam/main.tf
@@ -20,6 +20,7 @@ resource "aws_iam_account_password_policy" "default" {
   max_password_age               = var.max_password_age
 }
 
+# Moved to data.tf file
 # --------------------------------------------------------------------------------------------------
 # Support Role - https://us-east-1.console.aws.amazon.com/securityhub/home?region=us-east-1#/standards/cis-aws-foundations-benchmark-1.4.0/1.17
 #                https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#cis-1.20-remediation

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ resource "aws_iam_account_password_policy" "default" {`
`20`	`20`	`max_password_age = var.max_password_age`
`21`	`21`	`}`
`22`	`22`
	`23`	`+# Moved to data.tf file`
`23`	`24`	`# --------------------------------------------------------------------------------------------------`
`24`	`25`	`# Support Role - https://us-east-1.console.aws.amazon.com/securityhub/home?region=us-east-1#/standards/cis-aws-foundations-benchmark-1.4.0/1.17`
`25`	`26`	`# https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#cis-1.20-remediation`