Resource: awsIamUserPolicy

Provides an IAM policy attached to a user.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsIamUserLb = new aws.iamUser.IamUser(this, "lb", {
  name: "loadbalancer",
  path: "/system/",
});
new aws.iamUserPolicy.IamUserPolicy(this, "lb_ro", {
  name: "test",
  policy: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Action: ["ec2:Describe*"],
        Effect: "Allow",
        Resource: "*",
      },
    ],
  }),
  user: awsIamUserLb.name,
});
const awsIamAccessKeyLb = new aws.iamAccessKey.IamAccessKey(this, "lb_2", {
  user: awsIamUserLb.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamAccessKeyLb.overrideLogicalId("lb");

Argument Reference

The following arguments are supported:

  • policy - (Required) The policy document. This is a JSON-formatted string. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
  • name - (Optional) The name of the policy. If omitted, Terraform will assign a random, unique name.
  • namePrefix - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.
  • user - (Required) IAM user to which to attach this policy.
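
Because policy is an opaque JSON string, nothing in the resource stops an over-broad grant from being attached to the user. The following is an added example, not part of the provider documentation: a pre-synth check that parses the string and flags risky Allow statements. The names lintUserPolicy, READ_ONLY and SERVICE_WILDCARD, the Describe/List heuristic and the second sample policy are assumptions constructed for this example.

```typescript
// Added example: lint an IAM policy document string before using it as `policy`.
interface PolicyStatement {
  Effect: string;
  Action?: string | string[];
  NotAction?: string | string[];
  Resource?: string | string[];
}
interface Finding { statement: number; issue: string; }

function toList(v: string | string[] | undefined): string[] {
  if (v === undefined) return [];
  return typeof v === "string" ? [v] : v;
}

// Heuristic (assumption): only Describe*/List* actions are tolerated on Resource "*".
const READ_ONLY = /^[a-z0-9-]+:(Describe|List)/i;
const SERVICE_WILDCARD = /^[a-z0-9-]+:\*$/i;

function lintUserPolicy(policyJson: string): Finding[] {
  const doc = JSON.parse(policyJson) as { Statement?: PolicyStatement | PolicyStatement[] };
  const raw = doc.Statement;
  const statements = raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
  const findings: Finding[] = [];
  statements.forEach((s, i) => {
    if (s.Effect !== "Allow") return; // Deny statements cannot widen access
    if (s.NotAction !== undefined) findings.push({ statement: i, issue: "Allow + NotAction grants every action not listed" });
    const anyResource = toList(s.Resource).indexOf("*") !== -1;
    for (const action of toList(s.Action)) {
      if (action === "*" || SERVICE_WILDCARD.test(action)) {
        findings.push({ statement: i, issue: `wildcard action ${action}` });
      } else if (anyResource && !READ_ONLY.test(action)) {
        findings.push({ statement: i, issue: `${action} allowed on Resource "*"` });
      }
    }
  });
  return findings;
}

// The policy from Example Usage above, and a constructed over-broad policy for contrast.
const PAGE_POLICY = JSON.stringify({
  Version: "2012-10-17",
  Statement: [{ Action: ["ec2:Describe*"], Effect: "Allow", Resource: "*" }],
});
const OVERBROAD_POLICY = JSON.stringify({
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: ["s3:*", "iam:CreateAccessKey"], Resource: "*" },
    { Effect: "Allow", NotAction: "iam:*", Resource: "*" },
  ],
});
console.log(lintUserPolicy(PAGE_POLICY), lintUserPolicy(OVERBROAD_POLICY));
```

Calling lintUserPolicy on the string before constructing IamUserPolicy, and throwing when it returns findings, makes synthesis fail instead of shipping the grant.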

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The user policy ID, in the form of userName:userPolicyName.
  • name - The name of the policy (always set).

Import

IAM User Policies can be imported using the userName:userPolicyName, e.g.,

$ terraform import aws_iam_user_policy.mypolicy user_of_mypolicy_name:mypolicy_name