Resource: awsIamUserPolicy
Provides an IAM policy attached to a user.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsIamUserLb = new aws.iamUser.IamUser(this, "lb", {
name: "loadbalancer",
path: "/system/",
});
new aws.iamUserPolicy.IamUserPolicy(this, "lb_ro", {
name: "test",
policy:
'${jsonencode({\n Version = "2012-10-17"\n Statement = [\n {\n Action = [\n "ec2:Describe*",\n ]\n Effect = "Allow"\n Resource = "*"\n },\n ]\n })}',
user: awsIamUserLb.name,
});
const awsIamAccessKeyLb = new aws.iamAccessKey.IamAccessKey(this, "lb_2", {
user: awsIamUserLb.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamAccessKeyLb.overrideLogicalId("lb");
Argument Reference
The following arguments are supported:
policy
- (Required) The policy document. This is a JSON formatted string. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.name
- (Optional) The name of the policy. If omitted, Terraform will assign a random, unique name.namePrefix
- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts withname
.user
- (Required) IAM user to which to attach this policy.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The user policy ID, in the form ofuserName:userPolicyName
.name
- The name of the policy (always set).
Import
IAM User Policies can be imported using the userName:userPolicyName
, e.g.,