update serverless-user policy to use CDK

Author: briskt

terraform/main.tf

@@ -11,10 +11,21 @@ module "serverless-user" {
   source  = "silinternational/serverless-user/aws"
   version = "~> 0.4.2"
 
-  app_name           = "${var.app_name}-${var.app_env}"
-  aws_region_policy  = "*"
-  enable_api_gateway = true
-  extra_policies     = var.extra_policies
+  app_name = "${var.app_name}-${var.app_env}"
+  policy_override = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "sts:AssumeRole",
+        ]
+        Resource = [
+          "arn:aws:iam::*:role/cdk-*"
+        ]
+      }
+    ],
+  })
 }
 
 // Set up custom domain name for easier fail-over.

terraform/variables.tf

@@ -34,33 +34,6 @@ variable "aws_secret_access_key" {
   description = "Secret access Key ID for user with permissions to create resources for serverless framework"
 }
 
-variable "extra_policies" {
-  type        = list(string)
-  description = "Optionally provide additional inline policies to attach to user"
-  default = [
-    <<EOT
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "ec2:CreateTags",
-        "ec2:DeleteTags",
-        "iam:getRolePolicy",
-        "logs:FilterLogEvents",
-        "apigateway:UpdateRestApiPolicy"
-      ],
-      "Resource": [
-        "*"
-      ]
-    }
-  ]
-}
-EOT
-  ]
-}
-
 variable "api_key_table" {
   type        = string
   description = "Override api key table name"