This module creates IAM policies and policy attachment resources.
- Unified Management: Efficiently manage IAM policies and their attachments within a single module.
Examples available here
NOTE: These examples use the latest version of this module
```hcl
module "minimum" {
  source      = "boldlink/iam-policy/aws"
  version     = "<provide_latest_version_here>"
  policy_name = "minimum-policy-example"
  description = "IAM policy to grant EC2 describe permissions"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:Describe*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
  tags = {
    environment        = "examples"
    "user::CostCenter" = "terraform-registry"
  }
}
```
Terraform module documentation
Name | Version |
---|---|
terraform | >= 0.14.11 |
aws | >= 4.15.1 |

Name | Version |
---|---|
aws | 5.21.0 |

No modules.

Name | Type |
---|---|
aws_iam_policy.main | resource |
aws_iam_policy_attachment.main | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
description | (Optional, Forces new resource) Description of the IAM policy. | string | null | no |
groups | (Optional) - The group(s) the policy should be applied to | list(string) | [] | no |
name_prefix | (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`. | string | null | no |
path | (Optional, default `/`) Path in which to create the policy. | string | null | no |
policy | (Required) The policy document. This is a JSON formatted string. | string | n/a | yes |
policy_attachment_name | (Optional) - The name of the attachment. Required when users, roles or groups are provided. | string | null | no |
policy_name | (Optional, Forces new resource) The name of the policy. If omitted, Terraform will assign a random, unique name. | string | null | no |
roles | (Optional) - The role(s) the policy should be applied to | list(string) | [] | no |
tags | (Optional) Map of resource tags for the IAM Policy. | map(string) | {} | no |
users | (Optional) - The user(s) the policy should be applied to | list(string) | [] | no |

Name | Description |
---|---|
aws_policy_id | The ARN assigned by AWS to this policy. |
policy_arn | The ARN assigned by AWS to this policy. |
policy_attachment_name | The name of the attachment. |
policy_description | The description of the policy. |
policy_document | The policy document. |
policy_id | The policy's ID. |
policy_name | The name of the policy. |
policy_path | The path of the policy in IAM. |
policy_tags_all | A map of tags assigned to the resource, including those inherited from the provider default_tags |
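
The attachment inputs in the table above (`roles`, `policy_attachment_name`) are not used by the minimum example. The following is an added example, not taken from the module's repository, that attaches a resource-scoped policy to an existing role; the module label, the role name `app-reader`, the bucket `example-bucket` and the policy names are hypothetical placeholders.

```hcl
# Added example (not the module authors' code).
# Assumptions: the IAM role "app-reader" already exists, and
# "example-bucket" is a placeholder bucket name.
module "s3_read_attached" {
  source  = "boldlink/iam-policy/aws"
  version = "<provide_latest_version_here>"

  policy_name = "s3-read-example"
  description = "Read-only access to a single bucket"

  # Each statement names the exact actions and resources it needs
  # instead of using wildcards for either.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "ListBucket"
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = "arn:aws:s3:::example-bucket"
      },
      {
        Sid      = "ReadObjects"
        Effect   = "Allow"
        Action   = ["s3:GetObject"]
        Resource = "arn:aws:s3:::example-bucket/*"
      },
    ]
  })

  # Required by the module because roles is non-empty (see the inputs table).
  policy_attachment_name = "s3-read-example-attachment"
  roles                  = ["app-reader"]

  tags = {
    environment = "examples"
  }
}

# policy_arn is one of the outputs listed in the outputs table.
output "s3_read_policy_arn" {
  value = module.s3_read_attached.policy_arn
}
```

The page lists `aws_iam_policy_attachment` as the attachment resource; in the AWS provider that resource manages a policy's attachments exclusively, so attachments of the same policy ARN made to other users, roles or groups outside this module call are removed on the next apply.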
This repository uses third party software:
- pre-commit - Used to help ensure code and documentation consistency
  - Install with `brew install pre-commit`
  - Manually use with `pre-commit run`
- terraform 0.14.11 - For backwards compatibility, we use version 0.14.11 for testing, which makes it the minimum version tested and known to work without issues with terraform-docs.
- terraform-docs - Used to generate the Inputs and Outputs sections
  - Install with `brew install terraform-docs`
  - Manually use via pre-commit
- tflint - Used to lint the Terraform code
  - Install with `brew install tflint`
  - Manually use via pre-commit

The Makefile contained in this repo is optimized for Linux paths, and its main purpose for now is to execute testing.
- Create all test stacks, including any supporting resources: `make tests`
- Clean all tests except existing supporting resources: `make clean`
- Clean supporting resources (this is done separately so you can test your module build/modify/destroy independently): `make cleansupporting`
- !!!DANGER!!! Clean the state files from examples and test/supportingResources - use with CAUTION!!!: `make cleanstatefiles`