awscc_iam_role_policy (Resource)

Adds or updates an inline policy document that is embedded in the specified IAM role. When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy.

The role's trust policy is created at the same time as the role, using CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy. For information about roles, see roles in the IAM User Guide.

A role can also have a managed policy attached to it. To attach a managed policy to a role, use AWS::IAM::Role. To create a new managed policy, use AWS::IAM::ManagedPolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide. For information about the maximum number of inline policies that you can embed with a role, see IAM and quotas in the IAM User Guide.

Example Usage

IAM role embedded inline policy document

Create an IAM role for an EC2 instance and grant it permission to list an S3 bucket.

resource "awscc_iam_role_policy" "example" {
  policy_name = "sample_iam_role_policy"
  role_name   = awscc_iam_role.example.id

  policy_document = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = "s3:ListBucket"
        Resource = "arn:aws:s3:::my_bucket_name"
      }
    ]
  })
}

resource "awscc_iam_role" "example" {
  role_name   = "sample_iam_role"
  description = "This is a sample IAM role"
  path        = "/"

  assume_role_policy_document = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}
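A pre-apply check for inline policies like the one above. This is an added example, not part of the provider documentation. It reads the `resource_changes` list of a plan exported with `terraform show -json` and flags `awscc_iam_role_policy` resources whose Allow statements are over-broad. The `broad` resource, the helper names and the finding strings are assumptions made for illustration.

```python
import json

def _as_list(value):
    # IAM accepts a single string/object wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def audit_inline_policies(plan):
    """Return sorted (address, finding) pairs for over-broad Allow statements."""
    findings = set()
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "awscc_iam_role_policy" or after is None:
            continue  # other resource types, or a delete (after is null)
        doc = after.get("policy_document")
        if doc is None:  # plan JSON omits values that are not yet known
            findings.add((rc["address"], "policy_document unset or unknown at plan time"))
            continue
        doc = json.loads(doc) if isinstance(doc, str) else doc
        for stmt in _as_list(doc.get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            if "NotAction" in stmt:
                findings.add((rc["address"], "Allow with NotAction"))
            for action in _as_list(stmt.get("Action", [])):
                # Only full wildcards are flagged; partial ones (s3:Get*) pass.
                if action == "*" or action.endswith(":*"):
                    findings.add((rc["address"], f"wildcard action {action}"))
            if "*" in _as_list(stmt.get("Resource", [])):
                findings.add((rc["address"], "Resource is *"))
    return sorted(findings)

def _change(name, statement):
    # Builds one constructed resource_changes entry (hypothetical helper).
    doc = json.dumps({"Version": "2012-10-17", "Statement": statement})
    return {"address": f"awscc_iam_role_policy.{name}", "type": "awscc_iam_role_policy",
            "change": {"after": {"policy_name": name, "policy_document": doc}}}

# Constructed sample plan: the page's policy plus a hypothetical over-broad one.
SAMPLE_PLAN = {"resource_changes": [
    _change("example", [{"Effect": "Allow", "Action": "s3:ListBucket",
                         "Resource": "arn:aws:s3:::my_bucket_name"}]),
    _change("broad", {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}),
]}

if __name__ == "__main__":
    for address, finding in audit_inline_policies(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

To audit a real plan, pass the parsed output of `terraform show -json` for a saved plan file to `audit_inline_policies` in place of `SAMPLE_PLAN`.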

Schema

Required

Optional

Read-Only

Import

Import is supported using the following syntax:

$ terraform import awscc_iam_role_policy.example <resource ID>