Set s3 bucket name dynamically in ec2 instance profile permissions policy

Author: burmek

ec2_external-dependencies.tfvars

@@ -4,4 +4,4 @@ enable_eks_deployment = false
 
 enable_external_dependencies = true
 
-s3_bucket_name = "cometml-use2-tftest-dev"
+s3_bucket_name = "cometml-use2"

main.tf

@@ -54,6 +54,8 @@ module "ec2_deployment" {
   vpc_id = module.vpc.vpc_id
   allinone_ami = "ami-05842f1afbf311a43"
   allinone_subnet = module.vpc.public_subnets[count.index % length(module.vpc.public_subnets)]
+
+  comet_ml_s3_bucket  = var.s3_bucket_name
 }
 
 module "eks_deployment" {

modules/ec2_deployment/main.tf

@@ -124,7 +124,17 @@ resource "aws_iam_instance_profile" "comet-ml-s3-access-profile" {
 resource "aws_iam_policy" "comet-ml-s3-policy" {
   name        = "comet-ml-s3-access-policy"
   description = "comet-ml-s3-access-policy"
-  policy = file("${path.module}/templates/s3bucketpolicy.json")
+  #policy = file("${path.module}/templates/s3bucketpolicy.json")
+  policy = jsonencode({
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": "s3:*",
+            "Resource":"arn:aws:s3:::${var.comet_ml_s3_bucket}"
+        }
+    ]
+  })
 }
 
 resource "aws_iam_role_policy_attachment" "comet-ml-s3-access-attachment" {

modules/ec2_deployment/variables.tf

@@ -50,4 +50,10 @@ variable "allinone_subnet" {
   description = "ID of VPC subnet to launch EC2 instance in"
   type        = string
   default     = ""
+}
+
+variable "comet_ml_s3_bucket" {
+  description = "Name of the S3 bucket provisioned for Comet"
+  type        = string
+  default     = null
 }