
geekcell/terraform-aws-iam-policy


Geek Cell GmbH


Terraform AWS IAM Policy

Introducing the AWS IAM Policy Collection Terraform Module, a comprehensive solution for managing your AWS Identity and Access Management (IAM) policies. This module has been carefully crafted to include the most commonly used policies in our setups, making it easier for you to manage and secure your AWS resources.

Our team of experts has worked with AWS IAM policies for years and has a deep understanding of the best practices and configurations. By using this Terraform module, you can be sure that your policies are created and managed in a secure, efficient, and scalable manner.

This module offers a one-stop-shop for all your IAM policy needs, saving you time and effort in the process. Whether you're looking to grant access to specific AWS services or to limit the actions that can be performed on your resources, this module has you covered.

So, if you're looking for a convenient and reliable solution for managing your IAM policies, look no further than the AWS IAM Policy Collection Terraform Module. Give it a try and see the difference it can make in your AWS setup!

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| `create_policy` | Whether to create the actual policy resource or to only render it. | `bool` | `true` | no |
| `description` | Description of the Security Group. | `string` | `null` | no |
| `name` | Name of the policy. | `string` | n/a | yes |
| `path` | Path in which to create the policy. | `string` | `"/"` | no |
| `policy_id` | ID for the policy document. | `string` | `null` | no |
| `statements` | A map of principals which can assume the role. | `list(object({...}))` (see below) | `[]` | no |
| `tags` | Tags to add to the Security Group. | `map(any)` | `{}` | no |
| `templates` | A list of templates. Multiple templates will be combined into a single policy. | `list(object({...}))` (see below) | `[]` | no |
| `use_name_prefix` | Use the name attribute as prefix for the role name. | `bool` | `true` | no |

Type of `statements`:

```hcl
list(object({
  sid    = optional(string)
  effect = optional(string, "Allow")

  actions     = optional(list(string))
  not_actions = optional(list(string))

  resources     = optional(list(string))
  not_resources = optional(list(string))

  conditions = optional(list(object({
    test     = string
    variable = string
    values   = list(string)
  })))

  principals = optional(list(object({
    type        = string
    identifiers = list(string)
  })))

  not_principals = optional(list(object({
    type        = string
    identifiers = list(string)
  })))
}))
```

Type of `templates`:

```hcl
list(object({
  name = string
  vars = optional(map(any))
}))
```

Outputs

| Name | Description |
|------|-------------|
| `arn` | ARN of the IAM policy |
| `id` | ID of the IAM policy |
| `json` | Rendered JSON of the policy. |
| `name` | Name of the IAM policy |

Providers

| Name | Version |
|------|---------|
| `aws` | `>= 4.36` |

Resources

  • resource.aws_iam_policy.main (main.tf#101)
  • data source.aws_caller_identity.current (main.tf#40)
  • data source.aws_iam_policy_document.combined (main.tf#93)
  • data source.aws_iam_policy_document.statement (main.tf#48)
  • data source.aws_iam_policy_document.template (main.tf#44)
  • data source.aws_region.current (main.tf#36)

Examples

Statements

```hcl
module "s3_policy" {
  source = "../../"

  name = var.name
  statements = [
    {
      effect = "Allow"
      actions = [
        "s3:GetObject",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:ListBucket",
        "s3:DeleteObject"
      ]
      resources = [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/*"
      ]
    }
  ]
}
```

Templates

```hcl
module "codedeploy_policy" {
  source = "../../"

  name = var.name
  templates = [
    {
      name = "codedeploy/ecs-blue-green-deployment"
      vars = {
        codedeploy_app_name              = "my-project"
        codedeploy_deployment_group_name = "web-app"

        ecs_cluster_name = "my-project"
        ecs_service_name = "web-app"

        task_definition_task_role_name      = "web-app"
        task_definition_execution_role_name = "web-app-exec"
      }
    },
    {
      name = "ecr/push-and-pull"
      vars = {
        ecr_repository_name = "web-app"
      }
    }
  ]
}
```
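The `statements` input also accepts `conditions`, which is where least-privilege scoping happens. The following is an added example (not part of the module's own documentation) that uses `sid`, `conditions` and an explicit `Deny`, and sets `create_policy = false` so the rendered `json` output can be reviewed before anything is created in AWS. The `source` path and the bucket name are placeholders.

```hcl
module "s3_app_readonly" {
  source = "../../" # placeholder: point at the module source you use

  name        = "app-s3-readonly"
  description = "Read-only access to one prefix of the app bucket"

  # Render only: nothing is created until this is flipped to true.
  create_policy = false

  statements = [
    {
      # Listing is limited to the app/ prefix via the s3:prefix condition key.
      sid       = "ListAppPrefixOnly"
      effect    = "Allow"
      actions   = ["s3:ListBucket"]
      resources = ["arn:aws:s3:::my-bucket"]
      conditions = [
        {
          test     = "StringLike"
          variable = "s3:prefix"
          values   = ["app/*"]
        }
      ]
    },
    {
      # Object reads are scoped to the same prefix at the resource level.
      sid       = "ReadAppObjects"
      effect    = "Allow"
      actions   = ["s3:GetObject"]
      resources = ["arn:aws:s3:::my-bucket/app/*"]
    },
    {
      # Explicit Deny for plaintext transport; Deny wins over any Allow.
      sid       = "DenyInsecureTransport"
      effect    = "Deny"
      actions   = ["s3:*"]
      resources = ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
      conditions = [
        {
          test     = "Bool"
          variable = "aws:SecureTransport"
          values   = ["false"]
        }
      ]
    }
  ]
}

# Review the rendered document (e.g. in a plan or with `terraform output`)
# before enabling create_policy.
output "s3_app_readonly_json" {
  value = module.s3_app_readonly.json
}
```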