Resource: aws_iam_role_policy

Provides an IAM role inline policy.

Example Usage

resource "aws_iam_role_policy" "test_policy" {
  name = "test_policy"
  role = aws_iam_role.test_role.id

  # Terraform's "jsonencode" function converts a
  # Terraform expression result to valid JSON syntax.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:Describe*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}

resource "aws_iam_role" "test_role" {
  name = "test_role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}
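
The example policy above allows `ec2:Describe*` on `Resource = "*"`. The following check is an added example, not part of the provider documentation: it scans the JSON produced by `terraform show -json <planfile>` for `aws_iam_role_policy` resources and reports wildcard actions and resources in Allow statements. The function names and the embedded sample plan are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output for the
# example above, trimmed to the fields this check reads.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {"resources": [{
        "address": "aws_iam_role_policy.test_policy",
        "type": "aws_iam_role_policy",
        "values": {"name": "test_policy", "policy": json.dumps({
            "Version": "2012-10-17",
            "Statement": [{"Action": ["ec2:Describe*"], "Effect": "Allow", "Resource": "*"}],
        })},
    }], "child_modules": []}}
}


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource/Statement; normalise to a list."""
    return value if isinstance(value, list) else ([] if value is None else [value])


def _walk(module):
    """Yield every resource in a module and in its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)


def find_wildcards(plan):
    """Return (address, statement index, issue) for each wildcard in an Allow statement."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in _walk(root):
        if res.get("type") != "aws_iam_role_policy":
            continue
        policy = res.get("values", {}).get("policy")
        if not policy:  # value not known until apply, nothing to inspect yet
            continue
        doc = json.loads(policy)
        for i, stmt in enumerate(_as_list(doc.get("Statement"))):
            if stmt.get("Effect") != "Allow":
                continue
            for action in _as_list(stmt.get("Action")):
                if "*" in action:
                    findings.append((res["address"], i, f"wildcard action {action}"))
            if "*" in _as_list(stmt.get("Resource")):
                findings.append((res["address"], i, 'Resource "*"'))
    return findings
```

A finding is a prompt for review rather than proof of a defect; the reviewer decides whether the wildcard is justified for that role.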

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import IAM Role Policies using the format role_name:role_policy_name. For example:

import {
  to = aws_iam_role_policy.mypolicy
  id = "role_of_mypolicy_name:mypolicy_name"
}

Using terraform import, import IAM Role Policies using the format role_name:role_policy_name. For example:

% terraform import aws_iam_role_policy.mypolicy role_of_mypolicy_name:mypolicy_name