resource "vault_approle_auth_backend_role" "packer_builder" {
  role_name      = "packer_builder"
  bind_secret_id = false
  token_policies = [
    "default_access",
    "kv/service/packer/packer_builder",
  ]
  token_ttl     = 300 # builds can take a few minutes
  token_max_ttl = 600
  token_bound_cidrs = [
    "10.10.12.200/32",
    "198.18.25.102/32",
    "198.18.26.91/32",
    "198.18.27.40/32",
  ]
}