Merge pull request #201 from ruby-no-kai/AWSManagementConsoleBasicUserAccess

sorah · web-flow · commit 3dd0139bd481 · 2025-08-29T04:07:02.000+09:00
AWSManagementConsoleBasicUserAccess
diff --git a/tf/admin-iam/kaigi_staff.tf b/tf/admin-iam/kaigi_staff.tf
@@ -39,6 +39,11 @@ resource "aws_iam_role_policy" "KaigiStaff_StreamingStaff" {
   policy = data.aws_iam_policy_document.StreamingStaff.json
 }
 
+resource "aws_iam_role_policy_attachment" "KaigiStaff_AWSManagementConsoleBasicUserAccess" {
+  role       = aws_iam_role.KaigiStaff.name
+  policy_arn = data.aws_iam_policy.AWSManagementConsoleBasicUserAccess.arn
+}
+
 #resource "aws_iam_role_policy" "KaigiStaff" {
 #  role   = aws_iam_role.KaigiStaff.name
 #  policy = data.aws_iam_policy_document.KaigiStaff.json
diff --git a/tf/admin-iam/noc_admin.tf b/tf/admin-iam/noc_admin.tf
@@ -45,6 +45,10 @@ resource "aws_iam_policy" "NocAdminBase" {
 }
 
 data "aws_iam_policy_document" "NocAdminBase" {
+  source_policy_documents = [
+    data.aws_iam_policy.AWSManagementConsoleBasicUserAccess.policy,
+  ]
+
   statement {
     effect = "Allow"
     actions = [
@@ -255,3 +259,7 @@ data "aws_iam_policy_document" "NocAdmin_iam-with-boundary" {
     }
   }
 }
+
+data "aws_iam_policy" "AWSManagementConsoleBasicUserAccess" {
+  arn = "arn:aws:iam::aws:policy/AWSManagementConsoleBasicUserAccess"
+}
diff --git a/tf/admin-iam/streaming_staff.tf b/tf/admin-iam/streaming_staff.tf
@@ -100,5 +100,9 @@ data "aws_iam_policy_document" "StreamingStaff" {
     ]
     resources = ["*"]
   }
+}
 
+resource "aws_iam_role_policy_attachment" "StreamingStaff_AWSManagementConsoleBasicUserAccess" {
+  role       = aws_iam_role.StreamingStaff.name
+  policy_arn = data.aws_iam_policy.AWSManagementConsoleBasicUserAccess.arn
 }

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,10 @@ resource "aws_iam_policy" "NocAdminBase" {`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`data "aws_iam_policy_document" "NocAdminBase" {`
	`48`	`+ source_policy_documents = [`
	`49`	`+ data.aws_iam_policy.AWSManagementConsoleBasicUserAccess.policy,`
	`50`	`+ ]`
	`51`	`+`
`48`	`52`	`statement {`
`49`	`53`	`effect = "Allow"`
`50`	`54`	`actions = [`
`@@ -255,3 +259,7 @@ data "aws_iam_policy_document" "NocAdmin_iam-with-boundary" {`
`255`	`259`	`}`
`256`	`260`	`}`
`257`	`261`	`}`
	`262`	`+`
	`263`	`+data "aws_iam_policy" "AWSManagementConsoleBasicUserAccess" {`
	`264`	`+ arn = "arn:aws:iam::aws:policy/AWSManagementConsoleBasicUserAccess"`
	`265`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -100,5 +100,9 @@ data "aws_iam_policy_document" "StreamingStaff" {`
`100`	`100`	`]`
`101`	`101`	`resources = ["*"]`
`102`	`102`	`}`
	`103`	`+}`
`103`	`104`
	`105`	`+resource "aws_iam_role_policy_attachment" "StreamingStaff_AWSManagementConsoleBasicUserAccess" {`
	`106`	`+ role = aws_iam_role.StreamingStaff.name`
	`107`	`+ policy_arn = data.aws_iam_policy.AWSManagementConsoleBasicUserAccess.arn`
`104`	`108`	`}`