aws_iam_policy

Provides an IAM policy.

Example Usage

resource "aws_iam_policy" "policy" {
  name        = "test_policy"
  path        = "/"
  description = "My test policy"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

Argument Reference

The following arguments are supported:

  • description - (Optional) Description of the IAM policy.
  • name - (Optional, Forces new resource) The name of the policy. If omitted, Terraform will assign a random, unique name.
  • name_prefix - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.
  • path - (Optional, default "/") Path in which to create the policy. See IAM Identifiers for more information.
  • policy - (Required) The policy document, as a JSON-formatted string. The heredoc syntax, the file function, or the aws_iam_policy_document data source can each be used to supply it.
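
The following is an added example, not part of the provider documentation: it builds the policy argument with the aws_iam_policy_document data source instead of a heredoc, and tightens the policy from Example Usage by listing explicit actions and adding a region condition. The resource and data source names, the name prefix, the path, the chosen actions and the region are illustrative assumptions.

```hcl
# Added example; names, path, actions and region are illustrative assumptions.

data "aws_iam_policy_document" "ec2_read" {
  statement {
    sid    = "DescribeEc2InOneRegion"
    effect = "Allow"

    # Explicit actions instead of the "ec2:Describe*" wildcard, so that new
    # Describe APIs are not granted implicitly.
    actions = [
      "ec2:DescribeInstances",
      "ec2:DescribeSecurityGroups",
      "ec2:DescribeVolumes",
    ]

    # EC2 Describe* calls do not support resource-level permissions,
    # so "*" is the only resource value that works for them.
    resources = ["*"]

    # Narrow the grant with a condition instead of the resource element.
    condition {
      test     = "StringEquals"
      variable = "aws:RequestedRegion"
      values   = ["us-east-1"]
    }
  }
}

resource "aws_iam_policy" "ec2_read" {
  # name_prefix conflicts with name; Terraform appends a unique suffix.
  name_prefix = "ec2-read-"
  path        = "/audit/"
  description = "Read-only EC2 describe calls, limited to one region"

  # The data source renders the statement block to a JSON string.
  policy = "${data.aws_iam_policy_document.ec2_read.json}"
}

output "ec2_read_policy_arn" {
  value = "${aws_iam_policy.ec2_read.arn}"
}
```

Because the data source is rendered at plan time, a malformed statement surfaces in terraform plan rather than as an API error from IAM during apply.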

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The policy's ID.
  • arn - The ARN assigned by AWS to this policy.
  • description - The description of the policy.
  • name - The name of the policy.
  • path - The path of the policy in IAM.
  • policy - The policy document.

Import

IAM Policies can be imported using the arn, e.g.

$ terraform import aws_iam_policy.administrator arn:aws:iam::123456789012:policy/UsersManageOwnCredentials

© 2018 HashiCorp
Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/aws/r/iam_policy.html