Difference between revisions of "Terraform resource: aws iam role"
Jump to navigation
Jump to search
(15 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
<code>[[aws_iam_role]]</code> creates an IAM role ([https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role tf.io]). | <code>[[aws_iam_role]]</code> creates an IAM role ([https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role tf.io]). | ||
+ | |||
+ | * Action: <code>[[sts:AssumeRole]], [[sts:AssumeRoleWithWebIdentity]]</code> | ||
+ | |||
+ | [[aws_iam_policy]] + [[aws_iam_role]] -> [[aws_iam_role_policy_attachment]] | ||
+ | |||
+ | |||
+ | * <code>[[max_session_duration]]</code> | ||
+ | |||
== Official example == | == Official example == | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | {{aws_iam_role test_role}} | ||
Line 32: | Line 18: | ||
== Errors == | == Errors == | ||
* <code>[[Error: expected length of name prefix to be in the range]]</code> | * <code>[[Error: expected length of name prefix to be in the range]]</code> | ||
+ | * <code>[[Error: reading inline policies for IAM role]]</code> | ||
== Related terms == | == Related terms == | ||
Line 37: | Line 24: | ||
* <code>[[aws_iam_role_policy_attachment]]</code> | * <code>[[aws_iam_role_policy_attachment]]</code> | ||
* <code>[[CreateRole]]</code> | * <code>[[CreateRole]]</code> | ||
− | * <code>[[sts:AssumeRole]]</code> | + | * <code>[[sts:AssumeRole]]</code>, <code>[[sts:AssumeRoleWithWebIdentity]]</code> |
+ | * <code>[[aws_iam_instance_profile]]</code> | ||
+ | * <code>[[aws_iam_policy_attachment]]</code> | ||
+ | * <code>[[Federated]]</code> | ||
== See also == | == See also == | ||
+ | * {{aws_iam_role_resource}} | ||
+ | * {{tf aws_iam_role}} | ||
* {{terraform aws iam resources}} | * {{terraform aws iam resources}} | ||
− | |||
[[Category:Terraform]] | [[Category:Terraform]] | ||
[[Category:AWS]] | [[Category:AWS]] |
Latest revision as of 16:04, 10 October 2024
aws_iam_role
creates an IAM role (tf.io).
aws_iam_policy + aws_iam_role -> aws_iam_role_policy_attachment
Official example[edit]
resource "aws_iam_role" "test_role" { name = "test_role" # Terraform's "jsonencode" function converts a # Terraform expression result to valid JSON syntax. assume_role_policy = jsonencode({ Version = "2012-10-17" Statement = [ { Action = "sts:AssumeRole" Effect = "Allow" Sid = "" Principal = { Service = "ec2.amazonaws.com" } }, ] }) tags = { tag-key = "tag-value" } }
resource "aws_iam_role" "ecs_task_role" { name = "your-ecs-task-role" assume_role_policy = <<-EOF { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "ecs-tasks.amazonaws.com" }, "Action": [ "sts:AssumeRole" ] } ] } EOF }
Errors[edit]
Error: expected length of name prefix to be in the range
Error: reading inline policies for IAM role
Related terms[edit]
- IAM: AWS IAM role
aws_iam_role_policy_attachment
CreateRole
sts:AssumeRole
,sts:AssumeRoleWithWebIdentity
aws_iam_instance_profile
aws_iam_policy_attachment
Federated
See also[edit]
aws_iam_role: assume_role_policy, iam:CreateRole
aws_iam_role, aws_iam_user
- Terraform IAM resources:
aws_iam_user, aws_iam_group, aws_iam_role, aws_iam_role_policy_attachment
,aws_iam_policy
,aws_iam_role_policy, aws_iam_user_policy, aws_iam_user_policy_attachment
,aws_iam_access_key, aws_iam_group_policy, aws_iam_group_policy_attachment, aws_iam_openid_connect_provider
Advertising: