Provides an IAM policy.
resource "aws_iam_policy" "policy" {
  name        = "test_policy"
  path        = "/"
  description = "My test policy"

  # Terraform's "jsonencode" function converts a
  # Terraform expression result to valid JSON syntax.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # EC2 Describe* actions do not support resource-level
        # permissions, so "*" is the only valid Resource for them.
        # Scope Resource down for any action that does support it.
        Action = [
          "ec2:Describe*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}
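The example above hand-writes the policy JSON. As an added example, not taken from the provider documentation, the following shows the same resource built from the aws_iam_policy_document data source, with a read-only statement kept on "*" (required for Describe* actions) and a mutating statement scoped to instances in the caller's account and further restricted by a tag condition, then attached to a role through the exported arn attribute. The role, the "Team = platform" tag, the policy and role names, and the Owner tag are assumptions made for illustration.

```hcl
# Added example, not part of the provider documentation. The role, the
# "Team" = "platform" tag, and all names are assumed for illustration.

data "aws_caller_identity" "current" {}

# Building the document in HCL lets Terraform validate its structure and
# makes "terraform plan" show a readable diff instead of a JSON string change.
data "aws_iam_policy_document" "ec2_operator" {
  # EC2 Describe* actions do not support resource-level permissions, so
  # "*" is the only valid resource here; keep the action list explicit.
  statement {
    sid       = "DescribeInstances"
    effect    = "Allow"
    actions   = ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus"]
    resources = ["*"]
  }

  # Mutating actions are scoped to instances in this account and further
  # limited to instances that carry the expected tag.
  statement {
    sid       = "StartStopTaggedInstances"
    effect    = "Allow"
    actions   = ["ec2:StartInstances", "ec2:StopInstances"]
    resources = ["arn:aws:ec2:*:${data.aws_caller_identity.current.account_id}:instance/*"]

    condition {
      test     = "StringEquals"
      variable = "aws:ResourceTag/Team"
      values   = ["platform"]
    }
  }
}

resource "aws_iam_policy" "ec2_operator" {
  # name_prefix rather than name: a renamed policy forces replacement, and
  # with create_before_destroy the replacement exists before the old policy
  # is detached and deleted, so attached principals never lose the grant.
  name_prefix = "ec2-operator-"
  path        = "/"
  description = "Describe all instances; start/stop instances tagged Team=platform"
  policy      = data.aws_iam_policy_document.ec2_operator.json

  tags = {
    Owner = "platform-team"
  }

  lifecycle {
    create_before_destroy = true
  }
}

# Trust policy for the role that carries the policy (assumed: EC2 instances).
data "aws_iam_policy_document" "ec2_assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ec2_operator" {
  name               = "ec2-operator"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume_role.json
}

# Attach through the exported arn attribute rather than a hard-coded ARN, so
# a replaced policy (new name, new ARN) is re-attached automatically.
resource "aws_iam_role_policy_attachment" "ec2_operator" {
  role       = aws_iam_role.ec2_operator.name
  policy_arn = aws_iam_policy.ec2_operator.arn
}
```

Running terraform plan on this configuration shows the rendered statements in the data source output, which is the point to review wildcards: any statement with Effect "Allow" and Resource "*" should only contain actions that cannot be scoped further.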
This resource supports the following arguments:

- description - (Optional, Forces new resource) Description of the IAM policy.
- name_prefix - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.
- name - (Optional, Forces new resource) Name of the policy. If omitted, Terraform will assign a random, unique name.
- path - (Optional, default "/") Path in which to create the policy. See IAM Identifiers for more information.
- policy - (Required) Policy document. This is a JSON formatted string. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
- tags - (Optional) Map of resource tags for the IAM Policy. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider level.

This resource exports the following attributes in addition to the arguments above:

- arn - ARN assigned by AWS to this policy.
- attachment_count - Number of entities (users, groups, and roles) that the policy is attached to.
- id - ARN assigned by AWS to this policy.
- policy_id - Policy's ID.
- tags_all - A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

In Terraform v1.5.0 and later, use an import block to import IAM Policies using the arn. For example:
import {
  to = aws_iam_policy.administrator
  id = "arn:aws:iam::123456789012:policy/UsersManageOwnCredentials"
}
Using terraform import, import IAM Policies using the arn. For example:
% terraform import aws_iam_policy.administrator arn:aws:iam::123456789012:policy/UsersManageOwnCredentials