From 55ed431e8dba26e64b116dea340289faad83f73a Mon Sep 17 00:00:00 2001
From: =?utf8?q?C=C3=A1ssio=20Gabriel?=
Date: Sat, 24 Jan 2026 13:29:49 -0300
Subject: [PATCH] Add IAM role and policies to access via SSM
---
 assessment/terraform/main.tf | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
diff --git a/assessment/terraform/main.tf b/assessment/terraform/main.tf
index 6116451..8003c7f 100644
--- a/assessment/terraform/main.tf
+++ b/assessment/terraform/main.tf
@@ -124,3 +124,36 @@ resource "aws_security_group" "egress_all" {
 protocol = "-1" # All protocols
 cidr_blocks = ["0.0.0.0/0"]
 }
+
+# -------------------------------------------------------
+
+# IAM role for the EC2 instance
+resource "aws_iam_role" "ec2_ssm_role" {
+ name = "ec2-ssm-role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Effect = "Allow"
+ Principal = {
+ Service = "ec2.amazonaws.com"
+ }
+ Action = "sts:AssumeRole"
+ }
+ ]
+ })
+}
+
+# Attach the SSM policy to the role
+resource "aws_iam_role_policy_attachment" "ssm_core" {
+ role = aws_iam_role.ec2_ssm_role.name
+ policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+}
+
+# Create the instance profile
+resource "aws_iam_instance_profile" "ec2_ssm_profile" {
+ name = "ec2-ssm-instance-profile"
+ role = aws_iam_role.ec2_ssm_role.name
+}
+
--
2.34.1
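Review bot: The role and the instance profile are created with fixed `name` values (`ec2-ssm-role`, `ec2-ssm-instance-profile`), and IAM names are unique per account, so applying this configuration from a second workspace or environment in the same account would fail on creation; `name_prefix = "ec2-ssm-"` on both resources avoids the collision. The 33 added lines also stop at the profile: nothing in this commit sets `iam_instance_profile = aws_iam_instance_profile.ec2_ssm_profile.name` on an instance, so unless that is wired up elsewhere the role is not yet in use. Once it is attached, who can open a shell on the instance is decided by IAM on the caller side (`ssm:StartSession`) rather than by the security group, and that is worth recording in the comment above the role, e.g. `# Instance identity for SSM; session access is granted to callers via ssm:StartSession`.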