From: Cássio Gabriel Date: Sat, 24 Jan 2026 16:29:49 +0000 (-0300) Subject: Add IAM role and policies to access via SSM X-Git-Tag: v1.0.0~6 X-Git-Url: http://ec2-54-166-230-229.compute-1.amazonaws.com/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55ed431e8dba26e64b116dea340289faad83f73a;p=cloud-security-assessment.git Add IAM role and policies to access via SSM
---
diff --git a/assessment/terraform/main.tf b/assessment/terraform/main.tf
index 6116451..8003c7f 100644
--- a/assessment/terraform/main.tf
+++ b/assessment/terraform/main.tf
@@ -124,3 +124,36 @@ resource "aws_security_group" "egress_all" {
 protocol = "-1" # All protocols
 cidr_blocks = ["0.0.0.0/0"]
 }
+
+# -------------------------------------------------------
+
+# IAM role for the EC2 instance
+resource "aws_iam_role" "ec2_ssm_role" {
+ name = "ec2-ssm-role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Effect = "Allow"
+ Principal = {
+ Service = "ec2.amazonaws.com"
+ }
+ Action = "sts:AssumeRole"
+ }
+ ]
+ })
+}
+
+# Attach the SSM policy to the role
+resource "aws_iam_role_policy_attachment" "ssm_core" {
+ role = aws_iam_role.ec2_ssm_role.name
+ policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+}
+
+# Create the instance profile
+resource "aws_iam_instance_profile" "ec2_ssm_profile" {
+ name = "ec2-ssm-instance-profile"
+ role = aws_iam_role.ec2_ssm_role.name
+}
+
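Review bot: Once `aws_iam_instance_profile.ec2_ssm_profile` is attached, the role's temporary credentials become retrievable from the instance metadata service, so the `aws_instance` that consumes it (not in this hunk) should enforce IMDSv2 with `metadata_options { http_tokens = "required" }` to keep an SSRF or local-file-read bug on the box from turning into AWS credentials; nothing in this hunk wires the profile to an instance yet, so that attachment is presumably a follow-up. The trust policy is appropriately scoped to `ec2.amazonaws.com`, but note that `AmazonSSMManagedInstanceCore` also grants, as far as I recall, `ssm:GetParameter`/`ssm:GetParameters` on `*`, so any plaintext `String` parameters in the account become readable from the instance — worth a comment above the attachment if that is acceptable for an assessment lab. On style, the hard-coded `name = "ec2-ssm-role"` and `name = "ec2-ssm-instance-profile"` will collide if this module is applied twice in one account (a second workspace or environment); `name_prefix = "ec2-ssm-role-"` avoids that. Session Manager logging and KMS encryption of sessions are configured outside these resources, so consider a short comment noting that session auditing is not covered by this commit.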