Add policy to ec2 on-launch that allows it to read from s3#48
Conversation
Given that the policy of s3 also allows other services (including ec2) to read from its buckets and files
Hey @DingoEatingFuzz - would these additions help you with assigning the role I'd requested to the EC2 box for PostgreSQL?
The ec2 role to permit S3 access should be narrowed to just the archive bucket if its purpose is to enable the ec2 instance to access the database dumps to use in initializing the database. If one or two other buckets need to be accessed, use a conditional to restrict to just the ones needed. Right now the role provides access to all current and future buckets in the account
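An added example (not code from this PR) of the narrowing the comment above asks for, in Python rather than the PR's bash: `broad_read_policy` is the account-wide grant the review objects to, `narrowed_read_policy` limits read access to named buckets, and `s3_wildcard_resources` is a hypothetical checker that flags S3 grants on every bucket. The bucket name is a placeholder.

```python
import json

# Placeholder bucket name; the PR does not name the archive bucket.
ARCHIVE_BUCKET = "example-archive-bucket"


def broad_read_policy():
    """The pattern objected to: read access to every current and future bucket in the account."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": "*",
        }],
    }


def narrowed_read_policy(buckets):
    """Read access limited to the named buckets.

    s3:ListBucket is a bucket-level action (bucket ARN); s3:GetObject is an
    object-level action (bucket ARN plus '/*'), so the two need separate statements.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": [f"arn:aws:s3:::{b}" for b in buckets]},
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": [f"arn:aws:s3:::{b}/*" for b in buckets]},
        ],
    }


def s3_wildcard_resources(policy):
    """Return (action, resource) pairs that allow an S3 action on all buckets in the account."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        for action in actions:
            if not action.lower().startswith("s3:"):
                continue  # only S3 grants are in scope here
            for res in resources:
                if res == "*" or res.startswith("arn:aws:s3:::*"):
                    findings.append((action, res))
    return findings


if __name__ == "__main__":
    print(json.dumps(narrowed_read_policy([ARCHIVE_BUCKET]), indent=2))
```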
Hey @khashf, I dig the intent here to codify the process of creating roles and policies as well as codifying the details of said roles and policies. However, I don't think bash is the best tool for it. We'd be better off taking the same infrastructure as code spirit and applying it to a purpose-built tool/spec like CloudFormation or Terraform. Since we already have some CloudFormation in use, it makes sense to continue going down that route.