# Looks up the pre-existing "DeveloperBoundary" managed policy by name. This file does
# not create that policy; the lookup fails at plan time if it does not exist in the
# target account. Only its ARN is consumed (as a permissions boundary below), so the
# cap it actually imposes is whatever the policy document contains -- review that
# document, not this file, to know what the bounded role can really do.
data "aws_iam_policy" "developer_boundary" {
name = "DeveloperBoundary"
}
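# Account lookup used only to pin the trust policy below to this account. Named
# distinctly so it does not collide with a `current` caller-identity data source that
# may already be defined elsewhere in the configuration.
data "aws_caller_identity" "developer_role_account" {}

module "developer_role" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/iam-role/aws"
  version = "2.0.0"
  name    = "developer-deployment-role"

  # Trust policy: only the CodeBuild service may assume this role, and only when acting
  # on behalf of this account. Without a source condition the trust is on the service
  # principal as a whole, which is the confused-deputy scenario AWS documents for
  # service principals; aws:SourceAccount is the minimum mitigation.
  # NOTE(review): tighten further with an aws:SourceArn condition naming the specific
  # CodeBuild project ARN(s) once they are known -- they are not visible from this file.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "codebuild.amazonaws.com" }
      Action    = "sts:AssumeRole"
      Condition = {
        StringEquals = {
          "aws:SourceAccount" = data.aws_caller_identity.developer_role_account.account_id
        }
      }
    }]
  })

  # PowerUserAccess is deliberately broad; the permissions boundary below is what
  # bounds this role. Effective permissions are the intersection of the two, so any
  # change to the DeveloperBoundary document changes what this role can do.
  managed_policy_arns = [
    "arn:aws:iam::aws:policy/PowerUserAccess"
  ]

  # A boundary caps this role's own permissions only. Whether the role can create or
  # modify other principals (and thereby escape the cap) depends on which iam:* actions
  # DeveloperBoundary allows, which this file does not show -- confirm in that policy.
  permissions_boundary = data.aws_iam_policy.developer_boundary.arn
}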