
Resource: awsIamRolePolicy

Provides an IAM role inline policy.

NOTE: For a given role, this resource is incompatible with using the awsIamRole resource inlinePolicy argument. When using that argument and this resource, both will attempt to manage the role's inline policies and Terraform will show a permanent difference.

Example Usage

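/* Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";
// `this` below is the enclosing construct scope, e.g. inside a TerraformStack constructor.
// Role whose trust policy lets the EC2 service assume it.
const awsIamRoleTestRole = new aws.iamRole.IamRole(this, "test_role", {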
  assumeRolePolicy:
    '${jsonencode({\n    Version = "2012-10-17"\n    Statement = [\n      {\n        Action = "sts:AssumeRole"\n        Effect = "Allow"\n        Sid    = ""\n        Principal = {\n          Service = "ec2.amazonaws.com"\n        }\n      },\n    ]\n  })}',
  name: "test_role",
});
// Inline policy on that role: allows ec2:Describe* on all resources.
new aws.iamRolePolicy.IamRolePolicy(this, "test_policy", {
  name: "test_policy",
  policy:
    '${jsonencode({\n    Version = "2012-10-17"\n    Statement = [\n      {\n        Action = [\n          "ec2:Describe*",\n        ]\n        Effect   = "Allow"\n        Resource = "*"\n      },\n    ]\n  })}',
  role: awsIamRoleTestRole.id,
});

Argument Reference

The following arguments are supported:

  • name - (Optional) The name of the role policy. If omitted, Terraform will assign a random, unique name.
  • namePrefix - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.
  • policy - (Required) The inline policy document. This is a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
  • role - (Required) The name of the IAM role to attach the policy to.
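
A pre-flight check for the JSON string passed to the policy argument, as an added example that is not part of the provider documentation: it flags Allow statements that use a full action wildcard or NotAction before the document reaches IamRolePolicy. The names lintInlinePolicy, policyAllowing and the types are hypothetical helpers, and the second sample policy is constructed.

```typescript
// Added example, not provider code: lintInlinePolicy and its types are hypothetical.
type OneOrMany = string | string[];
interface Statement {
  Effect: "Allow" | "Deny";
  Action?: OneOrMany;
  NotAction?: OneOrMany;
}
interface PolicyDocument {
  Version?: string;
  Statement?: Statement | Statement[];
}

const asList = (v: OneOrMany | undefined): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// Returns one message per problem; an empty array means nothing was flagged.
function lintInlinePolicy(policyJson: string): string[] {
  let doc: PolicyDocument | null;
  try {
    doc = JSON.parse(policyJson) as PolicyDocument | null;
  } catch {
    return ["policy is not valid JSON"];
  }
  if (doc === null || typeof doc !== "object") return ["policy is not a JSON object"];
  const findings: string[] = [];
  if (doc.Version !== "2012-10-17") findings.push("Version is not 2012-10-17");
  const raw = doc.Statement;
  const statements = raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
  statements.forEach((s, i) => {
    if (s.Effect !== "Allow") return; // Deny statements grant nothing
    if (s.NotAction !== undefined)
      findings.push(`Statement[${i}]: Allow + NotAction permits every action not listed`);
    for (const a of asList(s.Action))
      if (a === "*" || a.slice(-2) === ":*")
        findings.push(`Statement[${i}]: action "${a}" is a full wildcard`);
  });
  return findings;
}

// Builds a one-statement Allow policy on Resource "*" as a JSON string.
const policyAllowing = (action: string): string =>
  JSON.stringify({
    Version: "2012-10-17",
    Statement: [{ Action: [action], Effect: "Allow", Resource: "*" }],
  });
const describeOnly = policyAllowing("ec2:Describe*"); // same policy as Example Usage
const tooBroad = policyAllowing("s3:*"); // constructed over-broad policy
console.log(lintInlinePolicy(describeOnly), lintInlinePolicy(tooBroad));
```

A string that passes the check can be handed to the policy argument unchanged, since the argument expects a JSON formatted string.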

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The role policy ID, in the form of roleName:rolePolicyName.
  • name - The name of the policy.
  • policy - The policy document attached to the role.
  • role - The name of the role associated with the policy.

Import

IAM Role Policies can be imported using the roleName:rolePolicyName, e.g.,

$ terraform import aws_iam_role_policy.mypolicy role_of_mypolicy_name:mypolicy_name