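# SSM permissions
#
# Role, customer-managed policy and instance profile that let the "social"
# server be managed through AWS Systems Manager.

# Role the instance assumes through its instance profile.
resource "aws_iam_role" "ssm" {
  name               = "social_ssm"
  path               = "/"
  description        = "SSM permissions for social server"
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}

# Trust policy: only the EC2 service may assume the role. No account, user or
# cross-account principal is trusted here; keep it that way when editing.
data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

# Customer-managed copy of the AWS-managed policy read below. Because this is
# a copy, changes AWS makes to the managed policy reach the role only on the
# next `terraform apply`.
resource "aws_iam_policy" "ssm" {
  name        = "social_ssm"
  path        = "/"
  description = "SSM permissions for social"
  policy      = data.aws_iam_policy.ssm.policy
}

# AmazonSSMManagedInstanceCore replaces the deprecated AmazonEC2RoleforSSM.
# The old policy also granted S3 object read/write on every bucket
# (Resource "*") along with CloudWatch and Directory Service actions, far more
# than the SSM agent needs. If this server relies on S3 or CloudWatch access
# (for example session or command output logging), grant it in a separate
# policy scoped to the specific bucket or log group rather than reverting.
data "aws_iam_policy" "ssm" {
  arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

resource "aws_iam_role_policy_attachment" "ssm" {
  role       = aws_iam_role.ssm.name
  policy_arn = aws_iam_policy.ssm.arn
}

# Instance profile that hands the role to the EC2 instance.
resource "aws_iam_instance_profile" "ssm" {
  name = "social_ssm"
  path = "/"
  role = aws_iam_role.ssm.name
}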