Difference between revisions of "Terraform resource: aws iam policy"

From wikieduonline
Line 71: Line 71:
 
* [[ecr:]] [[ecr:BatchGetImage]]
 
* [[ecr:]] [[ecr:BatchGetImage]]
 
* [[ECS execution policy]]
 
* [[ECS execution policy]]
 +
* [[AWS managed policy: AmazonECSTaskExecutionRolePolicy]]
  
 
== See also ==
 
== See also ==

Revision as of 16:02, 29 May 2023

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy

Examples

Official example

# Customer-managed IAM policy allowing the EC2 "Describe*" (read) actions.
# The policy grants nothing until it is attached to a user, group or role;
# no attachment is shown in this example.
resource "aws_iam_policy" "policy" {
  name        = "test_policy"
  path        = "/"
  description = "My test policy"

  # jsonencode() renders the HCL object below as the JSON policy document,
  # so the policy is written as native Terraform values rather than as a
  # hand-escaped JSON string.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"

        # Wildcard action: matches every EC2 action whose name starts with
        # "Describe", including any that AWS adds to the service later.
        Action = ["ec2:Describe*"]

        # NOTE(review): most EC2 Describe actions do not support
        # resource-level permissions, so "*" is the usual value here. Do not
        # copy this wildcard to statements whose actions can be scoped to
        # specific ARNs.
        Resource = "*"
      },
    ]
  })
}


Basic example

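# IAM policy whose JSON document is produced by the aws_iam_policy_document
# data source "your_policy_name". That data source is declared elsewhere and
# is where the actual permissions should be reviewed for least privilege.
resource "aws_iam_policy" "your_resource_name" {
  name = "your_policy_name"

  # Bare reference to the rendered JSON. The interpolation-only "${...}"
  # wrapper has been unnecessary since Terraform 0.12, which flags it as
  # deprecated.
  policy = data.aws_iam_policy_document.your_policy_name.json
}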

DynamoDB example

# IAM policy granting item-level read/write access to DynamoDB and permission
# to write CloudWatch Logs. The name is prefixed with var.environment
# (declared elsewhere). The policy takes effect only for the principals it is
# attached to; no attachment is shown in this example.
resource "aws_iam_policy" "dynamodb_example" {
  name = "${var.environment}-dynamodb_example"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          # Read paths
          "dynamodb:Scan",
          "dynamodb:GetItem",
          "dynamodb:BatchGetItem",
          "dynamodb:Query",
          # Write / delete paths
          "dynamodb:PutItem",
          "dynamodb:UpdateItem",
          "dynamodb:DeleteItem",
          "dynamodb:BatchWriteItem"
        ]

        # NOTE(review): "*" is not limited to one table, so the read, write
        # and delete actions above apply to any table this policy can reach.
        # These actions support resource-level permissions; prefer the
        # table ARN, e.g.
        #   arn:aws:dynamodb:<region>:<account-id>:table/<table-name>
        # (plus ".../index/*" if indexes are queried), and drop any action
        # the workload does not use.
        Resource = "*"
      },
      {
        Effect = "Allow"
        Action = [
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutLogEvents"
        ]

        # NOTE(review): "*" allows creating and writing to log groups under
        # any name. Consider scoping to the workload's log group, e.g.
        #   arn:aws:logs:<region>:<account-id>:log-group:<log-group-name>:*
        # If the log group is created by Terraform, logs:CreateLogGroup may
        # not be needed at all. Confirm against the workload.
        Resource = "*"
      }
    ]
  })
}

Related

See also
