Shared: IAM
Module creating shared IAM Role and Instance Profile
Shared Module: shared/modules/iam
Created Resources
| Resource | Description |
|---|---|
| aws_iam_role.milu2_allow | IAM Role MILU2-AWS-ALLOW |
| aws_iam_instance_profile.milu2_allow | Instance Profile for EC2 |
| aws_iam_role_policy_attachment.* | Attach managed policies |
Permissions
The role has the permissions EC2 instances need attached:
- S3 - Read/write buckets
- ECR - Pull images
- CloudWatch - Push metrics/logs
- SSM - Session Manager access
Info
The stage module 15-iam only reads this role (through a data source); it does not create a new one.
existing Flag
- existing_iam = true → Skip, role already exists
- existing_iam = false → Create new
Outputs
| Name | Description |
|---|---|
| role_arn | IAM role ARN |
| instance_profile_name | Instance profile name |
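The following is an added sketch of how the existing_iam flag can switch between creating the role and only looking it up while keeping both outputs valid; it is not the project's module source. The variable name, role name, resource addresses and output names are taken from this page. The instance profile name, the trust policy, the data source names and the postcondition are assumptions, and managed policy attachments are left out.

```hcl
# Added sketch (assumes Terraform >= 1.5 and the AWS provider); not the project's code.
variable "existing_iam" {
  type    = bool
  default = false # false: create the role; true: look it up instead
}
locals {
  name = "MILU2-AWS-ALLOW" # role name from the page; profile name assumed equal
}

resource "aws_iam_role" "milu2_allow" {
  count = var.existing_iam ? 0 : 1
  name  = local.name
  assume_role_policy = jsonencode({ # assumed trust policy: EC2 service only
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "ec2.amazonaws.com" } }]
  })
}

resource "aws_iam_instance_profile" "milu2_allow" {
  count = var.existing_iam ? 0 : 1
  name  = local.name
  role  = aws_iam_role.milu2_allow[0].name
}

# existing_iam = true: read-only lookups, nothing is created or modified.
data "aws_iam_role" "existing" {
  count = var.existing_iam ? 1 : 0
  name  = local.name
  lifecycle {
    # Fail the plan if the pre-existing role cannot be assumed by EC2.
    postcondition {
      condition     = strcontains(self.assume_role_policy, "ec2.amazonaws.com")
      error_message = "Existing role does not trust ec2.amazonaws.com."
    }
  }
}

data "aws_iam_instance_profile" "existing" {
  count = var.existing_iam ? 1 : 0
  name  = local.name
}

# Exactly one side of each concat() is non-empty, so one() returns a single value.
output "role_arn" {
  value = one(concat(aws_iam_role.milu2_allow[*].arn, data.aws_iam_role.existing[*].arn))
}
output "instance_profile_name" {
  value = one(concat(aws_iam_instance_profile.milu2_allow[*].name, data.aws_iam_instance_profile.existing[*].name))
}
```

In this sketch, existing_iam = true means Terraform does not manage the role at all, so the policies attached to it are whatever was attached outside this configuration and should be reviewed there.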