Attaches a Managed IAM Policy to an IAM role
# Trust policy: allows the EC2 service to assume the role.
data "aws_iam_policy_document" "assume_role" {
  statement {
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }

    actions = ["sts:AssumeRole"]
  }
}

resource "aws_iam_role" "role" {
  name               = "test-role"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

# Permissions policy: read-only EC2 Describe* calls on all resources.
data "aws_iam_policy_document" "policy" {
  statement {
    effect    = "Allow"
    actions   = ["ec2:Describe*"]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "policy" {
  name        = "test-policy"
  description = "A test policy"
  policy      = data.aws_iam_policy_document.policy.json
}

# Attaches the managed policy to the role.
resource "aws_iam_role_policy_attachment" "test-attach" {
  role       = aws_iam_role.role.name
  policy_arn = aws_iam_policy.policy.arn
}

This resource supports the following arguments:
role - (Required) The name of the IAM role to which the policy should be applied
policy_arn - (Required) The ARN of the policy you want to apply

This resource exports no additional attributes.

In Terraform v1.5.0 and later, use an import block to import IAM role policy attachments using the role name and policy ARN separated by /. For example:
import {
  to = aws_iam_role_policy_attachment.test-attach
  id = "test-role/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy"
}

Using terraform import, import IAM role policy attachments using the role name and policy ARN separated by /. For example:
% terraform import aws_iam_role_policy_attachment.test-attach test-role/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy
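
The import id format described above, worked through as an added example that is not part of the provider documentation: it builds import blocks for every managed policy already attached to a role and shows why the id must be split on the first / only. The sample JSON is constructed in the shape of `aws iam list-attached-role-policies` output with a placeholder account id, and the function names and the for_each-keyed resource address `aws_iam_role_policy_attachment.attach` are assumptions of this example.

```python
import json
import re

# Constructed sample in the shape of
# `aws iam list-attached-role-policies --role-name test-role` (placeholder account id).
SAMPLE = """
{"AttachedPolicies": [
  {"PolicyName": "test-policy", "PolicyArn": "arn:aws:iam::111122223333:policy/test-policy"},
  {"PolicyName": "audit-read", "PolicyArn": "arn:aws:iam::111122223333:policy/team/sec/audit-read"},
  {"PolicyName": "ReadOnlyAccess", "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}
]}
"""

# Managed policy ARN: any aws partition, a 12-digit account id or "aws"
# (AWS managed policies), then an optional path and the policy name.
POLICY_ARN = re.compile(r"arn:aws[a-z-]*:iam::(\d{12}|aws):policy/[\w+=,.@/-]+")


def import_id(role, policy_arn):
    """Build the import id: role name, '/', policy ARN."""
    if "/" in role:
        raise ValueError("pass the role name, not its path or ARN")
    if not POLICY_ARN.fullmatch(policy_arn):
        raise ValueError(f"not a managed policy ARN: {policy_arn}")
    return f"{role}/{policy_arn}"


def split_import_id(value):
    """Split on the first '/' only: the ARN itself contains slashes."""
    role, _, arn = value.partition("/")
    return role, arn


def import_blocks(role, cli_json, resource="aws_iam_role_policy_attachment.attach"):
    """Return one import block per attached policy (hypothetical for_each address)."""
    blocks = []
    for p in json.loads(cli_json)["AttachedPolicies"]:
        blocks.append(
            "import {\n"
            f'  to = {resource}["{p["PolicyName"]}"]\n'
            f'  id = "{import_id(role, p["PolicyArn"])}"\n'
            "}"
        )
    return blocks


if __name__ == "__main__":
    print("\n\n".join(import_blocks("test-role", SAMPLE)))
```

Review the generated blocks against `terraform plan` before applying, so that attachments nobody intended to keep are noticed rather than silently adopted into state.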