feat(ci): ci provisoner role for kloud account

Signed-off-by: kolvin <15124052+Kolvin@users.noreply.github.com>

.github/workflows/terragrunt-kloud.yml

@@ -0,0 +1,24 @@
+name: kloud-ci-roles
+
+on:
+  pull_request:
+    branches: main
+    paths: 
+      - 'environments/kloud/global/**'
+      - '.github/workflows/**-kloud.yml'
+      - 'common.hcl'
+  push:
+    branches: main
+
+jobs:
+  terragrunt:
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
+    uses: kloud-cnf/workflows/.github/workflows/terragrunt.yaml@v0.3.7
+    with:
+      working-directory: "environments/kloud/global/"
+      target-account-id: "016272825626"
+      target-region: "eu-west-1"
+      ci-role-name: "github-ci-role-provisioner"

environments/kloud/global/terragrunt.hcl

@@ -0,0 +1,24 @@
+include "common" {
+  path = find_in_parent_folders("common.hcl")
+}
+
+inputs = {
+  platform = "github"
+  roles = [
+    {
+      name_suffix = "infrastructure-provisoner" # https://catalog.workshops.aws/iam-policy-types/en-US/6-labs/lab2-cicd-role
+      trusted_projects_refs = [
+        {
+          paths    = ["kolvin/kloud"]
+          branches = ["*"]
+          tags     = ["*"]
+        }
+      ]
+      templated_policy_statements = [
+        {
+          template = "terraform-ci"
+        }
+      ]
+    }
+  ]
+}