resource "vault_approle_auth_backend_role" "tf_vault" {
  role_name      = "tf_vault"
  bind_secret_id = false
  token_policies = [
    "default_access",
    "auth_token_create",
    "auth_token_self",
    "auth_token_roles_admin",
    "approle_role_admin",
    "approle_role_login",
    "approle_token_create",
    "k8s_pki_roles_admin",
    "ldap_admin",
    "pki_int_roles_admin",
    "pki_root_roles_admin",
    "ssh-host-signer_roles_admin",
    "sshca_roles_admin",
    "svc_vault_read",
    "sys_auth_admin",
    "sys_mounts_admin",
    "sys_policy_admin",
  ]
  token_ttl     = 60
  token_max_ttl = 120
  token_bound_cidrs = [
    "10.10.12.200/32",
  ]
}