# SSM permissions

data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_policy" "ssm" {
  name        = "social_ssm"
  policy      = data.aws_iam_policy.ssm.policy
  path        = "/"
  description = "SSM permissions for social"
}

data "aws_iam_policy" "ssm" {
  arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
}

resource "aws_iam_role_policy_attachment" "ssm" {
  role       = aws_iam_role.social.name
  policy_arn = aws_iam_policy.ssm.arn
}