File tree Expand file tree Collapse file tree 2 files changed +7
-2
lines changed
enos/modules/verify_secrets_engines/modules Expand file tree Collapse file tree 2 files changed +7
-2
lines changed Original file line number Diff line number Diff line change @@ -76,11 +76,16 @@ data "aws_caller_identity" "current" {}
7676
7777data "aws_region" "current" {}
7878
79- # Using Pre-made policy and role
79+ # The "DemoUser" policy is a predefined policy created by the security team.
80+ # This policy grants the necessary AWS permissions required for role generation via Vault.
81+ # Reference: https://github.com/hashicorp/honeybee-templates/blob/main/templates/iam_policy/DemoUser.yaml
8082data "aws_iam_policy" "premade_demo_user_policy" {
8183 name = " DemoUser"
8284}
8385
86+ # This role was provisioned by the security team using the repository referenced below.
87+ # This role includes the necessary policies to enable AWS credential generation and rotation via Vault.
88+ # Reference: https://github.com/hashicorp/honeybee-templates/blob/main/templates/iam_role/vault-assumed-role-credentials-demo.yaml
8489data "aws_iam_role" "premade_demo_assumed_role" {
8590 name = " vault-assumed-role-credentials-demo"
8691}
Original file line number Diff line number Diff line change @@ -42,7 +42,7 @@ variable "verify_aws_engine_creds" {
4242 type = bool
4343}
4444
45- # Verify PKI Certificate
45+ # Verify AWS Engine
4646resource "enos_remote_exec" "aws_verify_new_creds" {
4747 for_each = . hosts
4848
You can’t perform that action at this time.
0 commit comments