feat: add ReadOnlyAccess policy for bootstrap and management role

Signed-off-by: Max Xu <[email protected]>
streamnative · Nov 1, 2023 · 44ee669 · 44ee669
1 parent 0356a47
commit 44ee669
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/modules/aws/main.tf b/modules/aws/main.tf
@@ -214,6 +214,12 @@ resource "aws_iam_role_policy_attachment" "bootstrap_policy" {
   role       = aws_iam_role.bootstrap_role[0].name
 }
 
+resource "aws_iam_role_policy_attachment" "bootstrap_readonly" {
+  count      = var.create_bootstrap_role ? 1 : 0
+  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
+  role       = aws_iam_role.bootstrap_role[0].name
+}
+
 ######
 #-- Create the IAM role for the management of the StreamNative Cloud
 #-- This role is used by StreamNative for management and troubleshooting
@@ -246,6 +252,11 @@ resource "aws_iam_role_policy_attachment" "management_role" {
   role       = aws_iam_role.management_role.name
 }
 
+resource "aws_iam_role_policy_attachment" "management_readonly" {
+  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
+  role       = aws_iam_role.management_role.name
+}
+
 ######
 #-- Creates the IAM Policies used by EKS Cluster add-on services
 ######