File tree Expand file tree Collapse file tree 1 file changed +41
-1
lines changed Original file line number Diff line number Diff line change @@ -86,6 +86,46 @@ data "aws_ami" "amazon_linux" {
8686# #############################################################################
8787# EFS Storage
8888# #############################################################################
89+ data "aws_iam_policy_document" "allow_access_efs_policy" {
90+ statement {
91+ actions = [
92+ " elasticfilesystem:ClientRootAccess" ,
93+ " elasticfilesystem:ClientWrite"
94+ ]
95+ principals {
96+ type = " AWS"
97+ identifiers = [" *" ]
98+ }
99+ resources = [" *" ]
100+ condition {
101+ test = " Bool"
102+ variable = " elasticfilesystem:AccessedViaMountTarget"
103+
104+ values = [
105+ " true"
106+ ]
107+ }
108+ }
109+
110+ statement {
111+ effect = " Deny"
112+ actions = [" *" ]
113+ principals {
114+ type = " AWS"
115+ identifiers = [" *" ]
116+ }
117+ resources = [" *" ]
118+ condition {
119+ test = " Bool"
120+ variable = " aws:SecureTransport"
121+
122+ values = [
123+ " false"
124+ ]
125+ }
126+ }
127+ }
128+
89129module "efs" {
90130 source = " oozou/efs/aws"
91131 version = " 1.0.5"
@@ -113,7 +153,7 @@ module "efs" {
113153 vpc_id = var. vpc_id
114154 subnets = var. private_subnet_ids
115155
116- additional_efs_resource_policies = []
156+ additional_efs_resource_policies = [data . aws_iam_policy_document . allow_access_efs_policy . json ]
117157
118158 tags = var. tags
119159}
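Review bot: The first statement of `allow_access_efs_policy` grants `elasticfilesystem:ClientRootAccess` and `ClientWrite` to principal `AWS: *`, so any client that can reach a mount target in `var.private_subnet_ids` (the only gate is the `AccessedViaMountTarget` condition) gets root on the file system without presenting an IAM identity — network reachability becomes the whole authorization. Unless root is actually needed, drop `"elasticfilesystem:ClientRootAccess"` from `actions`, or narrow `identifiers` from `"*"` to the instance/task role ARN that mounts the volume so clients must mount with the `iam` option. The action list also omits `elasticfilesystem:ClientMount`, which AWS's equivalent console-generated policy lists alongside `ClientWrite`; once a file-system policy is attached only the actions it names are granted, so mounts may fail — verify with a test mount before relying on it. The `aws:SecureTransport` deny is the right control and is what makes the TLS mount helper mandatory; an explicit `effect = "Allow"` on the first statement would make the intent readable next to it. The `module "efs"` block opens at the tail of the first hunk and closes in the second, but its middle lines are outside the diff.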