init

aws_runner/roles.tf

@@ -0,0 +1,40 @@
+resource "aws_iam_role" "github_runner_role" {
+  name               = "github-runner-role"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect    = "Allow"
+        Principal = {
+          Service = "ec2.amazonaws.com"
+        }
+        Action    = "sts:AssumeRole"
+      },
+    ]
+  })
+}
+
+resource "aws_iam_policy" "github_runner_policy" {
+  name        = "github-runner-policy"
+  description = "Policy for GitHub Self-Hosted Runner EC2 instances"
+  policy      = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect   = "Allow"
+        Action   = [
+          "s3:ListBucket",
+          "s3:GetObject",
+          "ec2:DescribeInstances",
+          "ec2:DescribeVolumes"
+        ]
+        Resource = "*"
+      },
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "github_runner_policy_attachment" {
+  role       = aws_iam_role.github_runner_role.name
+  policy_arn = aws_iam_policy.github_runner_policy.arn
+}