Difference between revisions of "Terraform resource: aws iam role"

From wikieduonline
 
(15 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
<code>[[aws_iam_role]]</code> creates an IAM role ([https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role tf.io]).
 
<code>[[aws_iam_role]]</code> creates an IAM role ([https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role tf.io]).
 +
 +
* Action: <code>[[sts:AssumeRole]], [[sts:AssumeRoleWithWebIdentity]]</code>
 +
 +
  [[aws_iam_policy]] + [[aws_iam_role]] -> [[aws_iam_role_policy_attachment]]
 +
 +
 +
* <code>[[max_session_duration]]</code>
 +
  
 
== Official example ==
 
== Official example ==
resource "aws_iam_role" "test_role" {
 
  name = "test_role"
 
 
  # Terraform's "jsonencode" function converts a
 
  # Terraform expression result to valid JSON syntax.
 
  assume_role_policy = jsonencode({
 
    Version = "2012-10-17"
 
    Statement = [
 
      {
 
        Action = "sts:AssumeRole"
 
        Effect = "Allow"
 
        Sid    = ""
 
        Principal = {
 
          [[Service]] = "[[ec2.amazonaws.com]]"
 
        }
 
      },
 
    ]
 
  })
 
 
  [[tags]] = {
 
    tag-key = "tag-value"
 
  }
 
}
 
  
 +
{{aws_iam_role test_role}}
  
  
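Review bot: the new `* <code>[[max_session_duration]]</code>` bullet is a bare link with no label, unlike the `* Action:` bullet added just above it, so the page does not say what the argument controls. Give it a short label or a one-line description. The preformatted `[[aws_iam_policy]] + [[aws_iam_role]] -> [[aws_iam_role_policy_attachment]]` line would likewise benefit from a sentence stating that the attachment resource is what links the policy to the role.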
Line 32: Line 18:
 
== Errors ==
 
== Errors ==
 
* <code>[[Error: expected length of name prefix to be in the range]]</code>
 
* <code>[[Error: expected length of name prefix to be in the range]]</code>
 +
* <code>[[Error: reading inline policies for IAM role]]</code>
  
 
== Related terms ==
 
== Related terms ==
Line 37: Line 24:
 
* <code>[[aws_iam_role_policy_attachment]]</code>
 
* <code>[[aws_iam_role_policy_attachment]]</code>
 
* <code>[[CreateRole]]</code>
 
* <code>[[CreateRole]]</code>
* <code>[[sts:AssumeRole]]</code>
+
* <code>[[sts:AssumeRole]]</code>, <code>[[sts:AssumeRoleWithWebIdentity]]</code>
 +
* <code>[[aws_iam_instance_profile]]</code>
 +
* <code>[[aws_iam_policy_attachment]]</code>
 +
* <code>[[Federated]]</code>
  
 
== See also ==
 
== See also ==
 +
* {{aws_iam_role_resource}}
 +
* {{tf aws_iam_role}}
 
* {{terraform aws iam resources}}
 
* {{terraform aws iam resources}}
* {{AWS IAM role}}
 
  
 
[[Category:Terraform]]
 
[[Category:Terraform]]
 
[[Category:AWS]]
 
[[Category:AWS]]
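Review bot: the updated Related terms entry wraps each link in its own element (`<code>[[sts:AssumeRole]]</code>, <code>[[sts:AssumeRoleWithWebIdentity]]</code>`), while the `Action:` bullet added at the top of the page puts both links and the comma inside a single `<code>` element. Pick one form so the two lists render consistently. Since the same pair of actions now appears in both places, consider keeping it in only one of them.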

Latest revision as of 16:04, 10 October 2024

aws_iam_role creates an IAM role (tf.io).

 aws_iam_policy + aws_iam_role -> aws_iam_role_policy_attachment



Official example

 resource "aws_iam_role" "test_role" {
   name = "test_role"

   # Terraform's "jsonencode" function converts a
   # Terraform expression result to valid JSON syntax.
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
       {
         Action = "sts:AssumeRole"
         Effect = "Allow"
         Sid    = ""
         Principal = {
           Service = "ec2.amazonaws.com"
         }
       },
     ]
   })

   tags = {
     tag-key = "tag-value"
   }
 }


 resource "aws_iam_role" "ecs_task_role" {
   name               = "your-ecs-task-role"
   assume_role_policy = <<-EOF
   {
     "Version": "2012-10-17",
     "Statement": [
       {
         "Sid": "",
         "Effect": "Allow",
         "Principal": {
           "Service": "ecs-tasks.amazonaws.com"
         },
         "Action": [
           "sts:AssumeRole"
         ]
       }
     ]
   }
   EOF
 }
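
The relationship noted at the top of the page (aws_iam_policy + aws_iam_role -> aws_iam_role_policy_attachment), written out as an added example that is not part of the original page or of the Terraform documentation. The resource names, the bucket ARN and the policy contents are assumptions chosen for illustration.

```hcl
# Added example: all names and the bucket ARN are illustrative placeholders.

# Role: the trust policy states who may call sts:AssumeRole (here, the EC2 service).
resource "aws_iam_role" "app_role" {
  name                 = "example-app-role"
  max_session_duration = 3600 # seconds (1 hour)

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Action    = "sts:AssumeRole"
        Principal = { Service = "ec2.amazonaws.com" }
      },
    ]
  })
}

# Policy: what the role may do once assumed. Scoped to one named action on one
# placeholder bucket instead of "*" on "*".
resource "aws_iam_policy" "app_read" {
  name = "example-app-read"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["s3:GetObject"]
        Resource = "arn:aws:s3:::example-bucket-placeholder/*"
      },
    ]
  })
}

# Attachment: links the managed policy to the role.
resource "aws_iam_role_policy_attachment" "app_read" {
  role       = aws_iam_role.app_role.name
  policy_arn = aws_iam_policy.app_read.arn
}

# Instance profile: how an EC2 instance is given the role.
resource "aws_iam_instance_profile" "app" {
  name = "example-app-profile"
  role = aws_iam_role.app_role.name
}
```

The trust policy (`assume_role_policy`) and the permissions policy (`aws_iam_policy`) are separate documents: the first controls who can obtain the role's credentials, the second controls what those credentials can do.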

Errors

Related terms

See also
