Add IAM role and policies to access via SSM
authorCássio Gabriel <cassiogabrielcontato@gmail.com>
Sat, 24 Jan 2026 16:29:49 +0000 (13:29 -0300)
committerCássio Gabriel <cassiogabrielcontato@gmail.com>
Sat, 24 Jan 2026 20:52:10 +0000 (17:52 -0300)
assessment/terraform/main.tf

index 611645180e761b85e1bb56fafe91857ca6042f14..8003c7fb07e073818e50c7de11f5db08f744bd0c 100644 (file)
@@ -124,3 +124,36 @@ resource "aws_security_group" "egress_all" {
   protocol          = "-1" # All protocols
   cidr_blocks       = ["0.0.0.0/0"]
 }
+
+# -------------------------------------------------------
+
+# IAM role for the EC2 instance
+resource "aws_iam_role" "ec2_ssm_role" {
+  name = "ec2-ssm-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Principal = {
+          Service = "ec2.amazonaws.com"
+        }
+        Action = "sts:AssumeRole"
+      }
+    ]
+  })
+}
+
+# Attach the SSM policy to the role
+resource "aws_iam_role_policy_attachment" "ssm_core" {
+  role       = aws_iam_role.ec2_ssm_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+}
+
+# Create the instance profile
+resource "aws_iam_instance_profile" "ec2_ssm_profile" {
+  name = "ec2-ssm-instance-profile"
+  role = aws_iam_role.ec2_ssm_role.name
+}
+
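Review bot: Nothing in this hunk attaches `aws_iam_instance_profile.ec2_ssm_profile` to an instance, and until one does the role grants no SSM access. If the `aws_instance` resource is elsewhere in `main.tf`, it needs `iam_instance_profile = aws_iam_instance_profile.ec2_ssm_profile.name`; that resource is outside the visible lines, so this may already be done. The hard-coded `name = "ec2-ssm-role"` and `name = "ec2-ssm-instance-profile"` are unique per AWS account, so applying this configuration a second time in the same account (another workspace or environment) will fail on a name collision; `name_prefix = "ec2-ssm-"` on both resources avoids that. The comment above the attachment could also record why this policy was chosen, e.g. `# AmazonSSMManagedInstanceCore: AWS-managed baseline for Session Manager; replaces inbound SSH access`. If Session Manager is now the only access path, any inbound SSH rule in the security groups can be dropped.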