From db596a0e591e14df72c123897d28ba74d23672f2 Mon Sep 17 00:00:00 2001
From: ne-sachirou
Date: Fri, 20 Sep 2024 15:02:22 +0900
Subject: [PATCH 1/2] =?UTF-8?q?Mackerel=E3=81=AEAWS=E3=82=A4=E3=83=B3?= =?UTF-8?q?=E3=83=86=E3=82=B0=E3=83=AC=E3=83=BC=E3=82=B7=E3=83=A7=E3=83=B3?= =?UTF-8?q?=E3=82=92=E5=AE=9F=E8=A1=8C=E3=81=99=E3=82=8BIAM=E3=83=AD?= =?UTF-8?q?=E3=83=BC=E3=83=AB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 o11y_infra/prd/mackerel_aws_integration.tf | 43 ++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 o11y_infra/prd/mackerel_aws_integration.tf
diff --git a/o11y_infra/prd/mackerel_aws_integration.tf b/o11y_infra/prd/mackerel_aws_integration.tf
new file mode 100644
index 0000000..429b943
--- /dev/null
+++ b/o11y_infra/prd/mackerel_aws_integration.tf
@@ -0,0 +1,43 @@
+data "aws_iam_policy_document" "mackerel_aws_integration_assume_role_policy" {
+ statement {
+ actions = ["sts:AssumeRole"]
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = ["arn:aws:iam::217452466226:root"]
+ }
+ condition {
+ test = "StringEquals"
+ variable = "sts:ExternalId"
+ values = ["iUmC8uhM5dYZt9RuSikXDwGWvBlCeOZSezLBKxcr"]
+ }
+ }
+}
+
+data "aws_iam_policy_document" "mackerel_aws_integration_inline_policy" {
+ statement {
+ actions = [
+ "AWSBudgetsReadOnlyAccess",
+ "AmazonEC2ReadOnlyAccess",
+ "AmazonElastiCacheReadOnlyAccess",
+ "AmazonRDSReadOnlyAccess",
+ "AmazonSQSReadOnlyAccess",
+ "CloudWatchReadOnlyAccess",
+ "ecs:Describe*",
+ "ecs:List*",
+ "sqs:ListQueueTags"
+ ]
+ effect = "Allow"
+ resources = ["*"]
+ }
+}
+
+resource "aws_iam_role" "mackerel_aws_integration" {
+ name = "mackerel-aws-integration"
+ path = "/"
+ assume_role_policy = data.aws_iam_policy_document.mackerel_aws_integration_assume_role_policy.json
+ inline_policy {
+ name = "mackerel-aws-integration"
+ policy = data.aws_iam_policy_document.mackerel_aws_integration_inline_policy.json
+ }
+}
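Review bot: The `actions` list in `mackerel_aws_integration_inline_policy` mixes AWS managed policy names (`AWSBudgetsReadOnlyAccess` through `CloudWatchReadOnlyAccess`) with real IAM actions. An action has to be in `service:Action` form, so IAM should reject this document and the role will presumably fail to apply, or at best those six entries grant nothing. Keep only `ecs:Describe*`, `ecs:List*` and `sqs:ListQueueTags` in the inline document and attach the six managed policies to the role by ARN, as sketched below. Since the statement applies to `resources = ["*"]`, it is also worth confirming that each managed policy corresponds to an integration actually enabled in Mackerel, so the cross-account role carries no unused read access.

```hcl
data "aws_iam_policy_document" "mackerel_aws_integration_inline_policy" {
  statement {
    # Only real IAM actions belong here; managed policies are attached below.
    actions = ["ecs:Describe*", "ecs:List*", "sqs:ListQueueTags"]
    # … unchanged: effect, resources …
  }
}

# … unchanged: aws_iam_role.mackerel_aws_integration …

resource "aws_iam_role_policy_attachment" "mackerel_aws_integration" {
  for_each = toset([
    "AWSBudgetsReadOnlyAccess",
    "AmazonEC2ReadOnlyAccess",
    "AmazonElastiCacheReadOnlyAccess",
    "AmazonRDSReadOnlyAccess",
    "AmazonSQSReadOnlyAccess",
    "CloudWatchReadOnlyAccess",
  ])

  role       = aws_iam_role.mackerel_aws_integration.name
  policy_arn = "arn:aws:iam::aws:policy/${each.value}"
}
```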
From 2aae2bbbf051a25561ba293c8621c8c2eacc7300 Mon Sep 17 00:00:00 2001
From: ne-sachirou
Date: Thu, 26 Sep 2024 21:06:54 +0900
Subject: [PATCH 2/2] =?UTF-8?q?=E5=A4=96=E9=83=A8ID?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 o11y_infra/prd/mackerel_aws_integration.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/o11y_infra/prd/mackerel_aws_integration.tf b/o11y_infra/prd/mackerel_aws_integration.tf
index 429b943..035c2b2 100644
--- a/o11y_infra/prd/mackerel_aws_integration.tf
+++ b/o11y_infra/prd/mackerel_aws_integration.tf
@@ -9,7 +9,7 @@ data "aws_iam_policy_document" "mackerel_aws_integration_assume_role_policy" {
 condition {
 test = "StringEquals"
 variable = "sts:ExternalId"
- values = ["iUmC8uhM5dYZt9RuSikXDwGWvBlCeOZSezLBKxcr"]
+ values = ["P6vnw10qZcylI8QWWXOxX1oneICZOrShzBAnFCf6"]
 }
 }
 }
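Review bot: The external ID in `values` is rotated by editing a string literal, so the previous value stays in history and every future rotation needs another commit to this file. `sts:ExternalId` is the only condition on the cross-account `sts:AssumeRole` trust, so consider supplying it as an input, e.g. `values = [var.mackerel_external_id]`, with the variable declared alongside and a comment such as `# External ID issued by Mackerel for this AWS integration`. An external ID is not strictly a secret, but keeping it out of the code makes it clear which system owns the value. The enclosing `data` block starts outside this hunk.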