Merge pull request #869 from ajpc500/develop
Remove all AWS IAM resource creation unless explicitly needed
P4T12ICK committed Jan 19, 2024
2 parents 7d26a3b + 1fbc0de commit 99dfde4
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions terraform/aws/modules/splunk-server/resources.tf
Expand Up @@ -28,7 +28,7 @@ data "aws_ami" "splunk_server" {
}

resource "aws_iam_role" "splunk_role" {
count = var.splunk_server.byo_splunk == "0" ? 1 : 0
count = ((var.aws.cloudtrail == "1") || (var.general.carbon_black_cloud == "1")) && (var.splunk_server.byo_splunk == "0") ? 1 : 0
name = "splunk_role_${var.general.key_name}_${var.general.attack_range_name}"

assume_role_policy = <<EOF
Expand All @@ -50,14 +50,14 @@ EOF
}

resource "aws_iam_instance_profile" "splunk_profile" {
count = var.splunk_server.byo_splunk == "0" ? 1 : 0
count = ((var.aws.cloudtrail == "1") || (var.general.carbon_black_cloud == "1")) && (var.splunk_server.byo_splunk == "0") ? 1 : 0
name = "splunk_profile_${var.general.key_name}_${var.general.attack_range_name}"
role = aws_iam_role.splunk_role[0].name
}


data "aws_iam_policy_document" "splunk_logging" {
count = var.splunk_server.byo_splunk == "0" ? 1 : 0
count = ((var.aws.cloudtrail == "1") || (var.general.carbon_black_cloud == "1")) && (var.splunk_server.byo_splunk == "0") ? 1 : 0

statement {
actions = [
Expand Down Expand Up @@ -94,7 +94,7 @@ resource "aws_instance" "splunk-server" {
subnet_id = var.ec2_subnet_id
vpc_security_group_ids = [var.vpc_security_group_ids]
private_ip = "10.0.1.12"
iam_instance_profile = aws_iam_instance_profile.splunk_profile[0].name
iam_instance_profile = ((var.aws.cloudtrail == "1") || (var.general.carbon_black_cloud == "1")) && (var.splunk_server.byo_splunk == "0") ? aws_iam_instance_profile.splunk_profile[0].name : null
associate_public_ip_address = true

root_block_device {
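Review bot: The gate `((var.aws.cloudtrail == "1") || (var.general.carbon_black_cloud == "1")) && (var.splunk_server.byo_splunk == "0")` is now copied into four places (the `count` of `splunk_role`, `splunk_profile` and `splunk_logging`, and the `iam_instance_profile` argument), so a later edit to one copy can leave a `[0]` reference pointing at a zero-count resource, or keep the role alive when nothing needs it. Define it once as `locals { splunk_iam_enabled = (var.aws.cloudtrail == "1" || var.general.carbon_black_cloud == "1") && var.splunk_server.byo_splunk == "0" }`, use `count = local.splunk_iam_enabled ? 1 : 0` on the three blocks, and write the instance argument as `iam_instance_profile = one(aws_iam_instance_profile.splunk_profile[*].name)`. The lines between the policy document and the instance are not shown; if a policy attachment there still uses the old `byo_splunk`-only count and indexes `splunk_role[0]` or `splunk_logging[0]`, it will fail to plan when neither CloudTrail nor Carbon Black Cloud is enabled, and it needs the same gate. The `splunk_logging` and `splunk-server` blocks continue outside the hunks.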
