Data Source: aws_iam_roles

Use this data source to get the ARNs and Names of IAM Roles.

Example Usage

All roles in an account

data "aws_iam_roles" "roles" {}

Roles filtered by name regex

Roles whose role-name contains project

data "aws_iam_roles" "roles" {
  name_regex = ".*project.*"
}

Roles filtered by path prefix

data "aws_iam_roles" "roles" {
  path_prefix = "/custom-path"
}

Roles provisioned by AWS SSO

Roles in the account filtered by path prefix

data "aws_iam_roles" "roles" {
  path_prefix = "/aws-reserved/sso.amazonaws.com/"
}

Specific role in the account filtered by name regex and path prefix

data "aws_iam_roles" "roles" {
  name_regex  = "AWSReservedSSO_permission_set_name_.*"
  path_prefix = "/aws-reserved/sso.amazonaws.com/"
}

Role ARNs with paths removed

For services like Amazon EKS that do not permit a path in the role ARN when used in a cluster's configuration map

data "aws_iam_roles" "roles" {
  path_prefix = "/aws-reserved/sso.amazonaws.com/"
}

output "arns" {
  value = [
    for parts in [for arn in data.aws_iam_roles.roles.arns : split("/", arn)] :
    format("%s/%s", parts[0], element(parts, length(parts) - 1))
  ]
}

Argument Reference

This data source supports the following arguments:

Attribute Reference

This data source exports the following attributes in addition to the arguments above: