awscc_iam_managed_policy (Resource)

Creates a new managed policy for your AWS account. This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see Versioning for managed policies in the IAM User Guide. As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide. For more information about managed policies in general, see Managed policies and inline policies in the IAM User Guide.

Example Usage

Basic example

The following example creates a managed policy and associates it with the TestDBGroup group.

resource "awscc_iam_managed_policy" "test_policy" {
  description = "Policy for creating a test database"
  path        = "/"

  policy_document = jsonencode(
    {
      "Version" : "2012-10-17",
      "Statement" : [
        {
          "Effect" : "Allow",
          "Action" : "rds:CreateDBInstance",
          "Resource" : "arn:aws:rds:*:*:db:test*",
          "Condition" : {
            "StringEquals" : {
              "rds:DatabaseEngine" : "mysql"
            }
          }
        },
        {
          "Effect" : "Allow",
          "Action" : "rds:CreateDBInstance",
          "Resource" : "arn:aws:rds:*:*:db:test*",
          "Condition" : {
            "StringEquals" : {
              "rds:DatabaseClass" : "db.t2.micro"
            }
          }
        }
      ]
  })

  groups = ["TestDBGroup"]
}
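How IAM combines the two statements in the policy above, as an added example that is not part of the provider documentation: a simplified Python model of policy evaluation that covers only Allow/Deny, `*` wildcards and `StringEquals`. The `COMBINED_POLICY` variant and the request values used with it are constructed for illustration.

```python
from fnmatch import fnmatchcase

# The page's policy: two Allow statements, one condition key each.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "rds:CreateDBInstance",
     "Resource": "arn:aws:rds:*:*:db:test*",
     "Condition": {"StringEquals": {"rds:DatabaseEngine": "mysql"}}},
    {"Effect": "Allow", "Action": "rds:CreateDBInstance",
     "Resource": "arn:aws:rds:*:*:db:test*",
     "Condition": {"StringEquals": {"rds:DatabaseClass": "db.t2.micro"}}},
]}

# Constructed variant: both keys in one statement, so both must match.
COMBINED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "rds:CreateDBInstance",
     "Resource": "arn:aws:rds:*:*:db:test*",
     "Condition": {"StringEquals": {"rds:DatabaseEngine": "mysql",
                                    "rds:DatabaseClass": "db.t2.micro"}}},
]}


def as_list(value):
    return value if isinstance(value, list) else [value]


def statement_matches(stmt, action, resource, context):
    """Simplified matching: case-sensitive, '*' wildcards, StringEquals only."""
    if not any(fnmatchcase(action, a) for a in as_list(stmt["Action"])):
        return False
    if not any(fnmatchcase(resource, r) for r in as_list(stmt["Resource"])):
        return False
    # Keys inside one Condition block are ANDed; a key absent from the
    # request context does not match.
    conditions = stmt.get("Condition", {}).get("StringEquals", {})
    return all(context.get(key) in as_list(expected)
               for key, expected in conditions.items())


def is_allowed(policy, action, resource, context):
    """Statements are alternatives (OR); an explicit Deny overrides any Allow."""
    effects = [s["Effect"] for s in policy["Statement"]
               if statement_matches(s, action, resource, context)]
    return "Allow" in effects and "Deny" not in effects
```

Under this model, a request for a `db.t2.micro` PostgreSQL instance whose identifier starts with `test` is allowed by the page's two-statement policy, because either statement alone is sufficient, and is not allowed by the combined variant.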

Schema

Required

Optional

Read-Only

Import

Import is supported using the following syntax:

$ terraform import awscc_iam_managed_policy.example <resource ID>