Resource: awsIamGroupPolicy

Provides an IAM policy attached to a group.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsIamGroupMyDevelopers = new aws.iamGroup.IamGroup(
  this,
  "my_developers",
  {
    name: "developers",
    path: "/users/",
  }
);
new aws.iamGroupPolicy.IamGroupPolicy(this, "my_developer_policy", {
  group: awsIamGroupMyDevelopers.name,
  name: "my_developer_policy",
  // IAM policy document, serialised to the JSON string the `policy` argument expects.
  policy: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Action: ["ec2:Describe*"],
        Effect: "Allow",
        Resource: "*",
      },
    ],
  }),
});

Argument Reference

The following arguments are supported:

  • policy - (Required) The policy document. This is a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
  • name - (Optional) The name of the policy. If omitted, Terraform will assign a random, unique name.
  • namePrefix - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.
  • group - (Required) The IAM group to attach the policy to.
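
Because policy is passed as an opaque JSON string, nothing in the resource itself stops an over-broad grant from reaching every member of the group. The following is an added example, not part of the provider documentation: a pre-serialisation check whose type names, function names and Describe*/List* rule are assumptions of this example.

```typescript
// Added example: hypothetical helper names, not part of the AWS provider bindings.
interface PolicyStatement {
  Effect: "Allow" | "Deny";
  Action?: string | string[];
  NotAction?: string | string[];
  Resource?: string | string[];
}
interface GroupPolicyDocument {
  Version: "2012-10-17";
  Statement: PolicyStatement | PolicyStatement[];
}

const list = (v?: string | string[]): string[] =>
  v === undefined ? [] : typeof v === "string" ? [v] : v;
// Assumption of this example: with Resource "*", only Describe*/List* actions are accepted.
const READ_ONLY = /^[a-z0-9-]+:(describe|list)/i;

// Returns one finding per over-broad grant; an empty array means the document passed.
function findBroadGrants(doc: GroupPolicyDocument): string[] {
  const findings: string[] = [];
  const statements = Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
  statements.forEach((s, i) => {
    if (s.Effect !== "Allow") return; // Deny statements cannot widen access
    if (s.NotAction !== undefined)
      findings.push(`Statement[${i}]: Allow + NotAction grants every action not listed`);
    const anyResource = list(s.Resource).indexOf("*") !== -1;
    for (const a of list(s.Action)) {
      if (a === "*" || /:\*$/.test(a))
        findings.push(`Statement[${i}]: wildcard action "${a}"`);
      else if (anyResource && !READ_ONLY.test(a))
        findings.push(`Statement[${i}]: "${a}" allowed on Resource "*"`);
    }
  });
  return findings;
}

// Serialises a document for the `policy` argument, refusing over-broad grants.
function renderGroupPolicy(doc: GroupPolicyDocument): string {
  const findings = findBroadGrants(doc);
  if (findings.length > 0) throw new Error("policy rejected:\n" + findings.join("\n"));
  return JSON.stringify(doc);
}

// The policy from the Example Usage section passes the check.
const developerPolicyJson = renderGroupPolicy({
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: ["ec2:Describe*"], Resource: "*" }],
});
```

Pass the returned string as the policy argument of IamGroupPolicy so that synthesis fails before an over-broad document is deployed.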

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The group policy ID.
  • group - The group to which this policy applies.
  • name - The name of the policy.
  • policy - The policy document attached to the group.

Import

IAM Group Policies can be imported using the form groupName:groupPolicyName, e.g.,

$ terraform import aws_iam_group_policy.mypolicy group_of_mypolicy_name:mypolicy_name