Resource: awsIamGroupPolicy
Provides an IAM policy attached to a group.
Example Usage
/* Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";

// `this` is the enclosing construct scope (for example, inside a TerraformStack constructor).
const awsIamGroupMyDevelopers = new aws.iamGroup.IamGroup(
  this,
  "my_developers",
  {
    name: "developers",
    path: "/users/",
  }
);
// Inline policy attached to the group created above.
new aws.iamGroupPolicy.IamGroupPolicy(this, "my_developer_policy", {
  group: awsIamGroupMyDevelopers.name,
  name: "my_developer_policy",
  policy:
    '${jsonencode({\n Version = "2012-10-17"\n Statement = [\n {\n Action = [\n "ec2:Describe*",\n ]\n Effect = "Allow"\n Resource = "*"\n },\n ]\n })}',
});
Argument Reference
The following arguments are supported:
policy - (Required) The policy document. This is a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
name - (Optional) The name of the policy. If omitted, Terraform will assign a random, unique name.
namePrefix - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.
group - (Required) The IAM group to attach to the policy.
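Because policy is passed as an opaque JSON string, an over-broad grant is easy to miss in review. The following is an added example, not part of the provider documentation: a pre-flight check run on the string before it is handed to IamGroupPolicy. The function name lintGroupPolicy and its rule set are assumptions of this example.

```typescript
// Added example: lint the JSON string that will be passed as `policy`.
// lintGroupPolicy and its rules are hypothetical, not a cdktf or AWS API.
type OneOrMany = string | string[];
interface Statement { Effect: string; Action?: OneOrMany; NotAction?: OneOrMany; Resource?: OneOrMany; }
interface PolicyDoc { Version?: string; Statement?: Statement | Statement[]; }

// IAM accepts either a single string or an array for these fields.
const toList = (v?: OneOrMany): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function lintGroupPolicy(policyJson: string): string[] {
  let doc: PolicyDoc | null = null;
  try {
    doc = JSON.parse(policyJson);
  } catch (_e) {
    return ["policy is not valid JSON"];
  }
  if (doc === null || typeof doc !== "object") return ["policy is not a JSON object"];
  const findings: string[] = [];
  if (doc.Version !== "2012-10-17") findings.push('Version is not "2012-10-17"');
  const statements = doc.Statement === undefined ? [] : Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
  if (statements.length === 0) findings.push("no Statement present");
  statements.forEach((s, i) => {
    if (s.Effect !== "Allow") return; // Deny statements only narrow access
    if (s.NotAction !== undefined) {
      findings.push(`Statement[${i}]: Allow with NotAction grants every action not listed`);
    }
    for (const action of toList(s.Action)) {
      // "*" and "service:*" include write actions; a prefix such as "ec2:Describe*" is not flagged.
      if (action === "*" || action.endsWith(":*")) {
        const scope = toList(s.Resource).includes("*") ? ' on Resource "*"' : "";
        findings.push(`Statement[${i}]: Allow of ${action}${scope}`);
      }
    }
  });
  return findings;
}

// Constructed sample inputs: the read-only policy from the usage example and an over-broad variant.
const pagePolicy = JSON.stringify({
  Version: "2012-10-17",
  Statement: [{ Action: ["ec2:Describe*"], Effect: "Allow", Resource: "*" }],
});
const broadPolicy = JSON.stringify({
  Version: "2012-10-17",
  Statement: { Action: "ec2:*", Effect: "Allow", Resource: "*" },
});
console.log(lintGroupPolicy(pagePolicy), lintGroupPolicy(broadPolicy));
```

Building the document as an object and passing JSON.stringify output lets the same string be linted and then supplied as the policy argument.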
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id - The group policy ID.
group - The group to which this policy applies.
name - The name of the policy.
policy - The policy document attached to the group.
Import
IAM Group Policies can be imported using the groupName:groupPolicyName, e.g.,