Provides an IAM role inline policy.
resource "aws_iam_role_policy" "test_policy" {
  name = "test_policy"
  role = aws_iam_role.test_role.id

  # Terraform's "jsonencode" function converts a
  # Terraform expression result to valid JSON syntax.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:Describe*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}

resource "aws_iam_role" "test_role" {
  name = "test_role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}
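
A more narrowly scoped variant of the example above, added here and not part of the provider documentation: it builds both policy documents with the aws_iam_policy_document data source and limits the start and stop actions to instances that carry a specific tag. The resource labels, the role and policy names, and the Environment = "test" tag are assumptions chosen for illustration.

```hcl
# Added example. All names and the tag value are hypothetical.
data "aws_iam_policy_document" "assume_ec2" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

data "aws_iam_policy_document" "scoped" {
  # EC2 Describe* actions do not support resource-level permissions,
  # so "*" is required here; name the action instead of "ec2:Describe*".
  statement {
    sid       = "DescribeInstances"
    effect    = "Allow"
    actions   = ["ec2:DescribeInstances"]
    resources = ["*"]
  }

  # State-changing actions are limited to instances tagged Environment = "test".
  statement {
    sid       = "StartStopTaggedInstances"
    effect    = "Allow"
    actions   = ["ec2:StartInstances", "ec2:StopInstances"]
    resources = ["arn:aws:ec2:*:*:instance/*"]

    condition {
      test     = "StringEquals"
      variable = "aws:ResourceTag/Environment"
      values   = ["test"]
    }
  }
}

resource "aws_iam_role" "scoped_role" {
  name               = "scoped_role"
  assume_role_policy = data.aws_iam_policy_document.assume_ec2.json
}

resource "aws_iam_role_policy" "scoped_policy" {
  name   = "scoped_policy"
  role   = aws_iam_role.scoped_role.id
  policy = data.aws_iam_policy_document.scoped.json
}
```
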
This resource supports the following arguments:

name - (Optional) The name of the role policy. If omitted, Terraform will assign a random, unique name.
name_prefix - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.
policy - (Required) The inline policy document. This is a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
role - (Required) The name of the IAM role to attach to the policy.

This resource exports the following attributes in addition to the arguments above:

id - The role policy ID, in the form of role_name:role_policy_name.
name - The name of the policy.
policy - The policy document attached to the role.
role - The name of the role associated with the policy.

In Terraform v1.5.0 and later, use an import block to import IAM Role Policies using the role_name:role_policy_name. For example:
import {
  to = aws_iam_role_policy.mypolicy
  id = "role_of_mypolicy_name:mypolicy_name"
}
Using terraform import, import IAM Role Policies using the role_name:role_policy_name. For example:
% terraform import aws_iam_role_policy.mypolicy role_of_mypolicy_name:mypolicy_name