yashkalwani/terraform-aws-iam-role-policy
Terraform module for creating AWS IAM roles with flexible support for attaching various policies. It provides a simplified and efficient approach to managing IAM roles and their associated policy (JSON format) attachments.
tf-aws-iam-role-policy in JSON format
A Terraform module to create an AWS IAM Role with support for:

- Custom Trust Policy (JSON)
- Multiple Inline Policies (JSON)
- Multiple AWS Managed Policies (attached by ARN)
- Multiple Customer Managed Policies (JSON)

All policy documents are defined as .json files under the policies/ directory, resolved relative to the current working directory.
Read more
Terraform Registry Module - https://registry.terraform.io/modules/yashkalwani/iam-role-policy/aws/latest
Module Features
This module allows you to:
- Create an IAM Role with a custom trust policy
- Attach multiple inline policies defined as JSON files
- Attach existing AWS Managed Policies by ARN
- Attach existing Customer Managed Policies by ARN
Directory Structure

```text
.
├── main.tf
├── variables.tf
├── outputs.tf
└── policies/
    ├── trust-policy.json
    ├── inline-policy-1.json
    ├── inline-policy-2.json
    └── ... additional policy files
```

Example Usage
Single role multiple policies (SRMP)

main.tf

```hcl
module "role_policy" {
  source                             = "github.com/yashkalwani/terraform-aws-iam-role-policy"
  cross_account_id                   = var.cross_account_id
  role_name                          = var.role_name
  role_name_prefix                   = var.role_name_prefix
  assume_role_policy_path            = var.assume_role_policy_path
  list_inline_policies_paths         = var.inline_policy_paths
  list_custom_managed_policies_paths = var.custom_managed_policy_paths
  list_aws_managed_policies_arns     = var.managed_policy_arns
  common_tags                        = var.common_tags
}
```

tfvars
```hcl
aws_region = "us-east-1"
common_tags = {
  "CreatedBy" = "Terraform"
}
role_name        = "sample-role"
role_name_prefix = "example-"
# AWS account IDs are exactly 12 digits
cross_account_id            = "123456789012"
assume_role_policy_path     = "trust-policy.json"
inline_policy_paths         = ["inline-policy.json"]
managed_policy_arns         = ["arn:aws:iam::aws:policy/AIOpsConsoleAdminPolicy"]
custom_managed_policy_paths = ["custom-managed-policy.json"]
```

Multiple role multiple policies (MRMP)
main.tf

```hcl
module "role_policy" {
  source   = "github.com/yashkalwani/terraform-aws-iam-role-policy"
  for_each = var.role_policy_map

  role_name                          = each.key
  cross_account_id                   = each.value.cross_account_id
  role_name_prefix                   = each.value.role_name_prefix
  assume_role_policy_path            = each.value.assume_role_policy_path
  list_inline_policies_paths         = each.value.inline_policy_paths
  list_custom_managed_policies_paths = each.value.custom_managed_policy_paths
  list_aws_managed_policies_arns     = each.value.managed_policy_arns
  common_tags                        = var.common_tags
}
```

tfvars
```hcl
aws_region = "us-east-1"
role_policy_map = {
  "multiple-sample-role" = {
    role_name                   = "multiple-sample-role"
    cross_account_id            = "123456789012"
    role_name_prefix            = "example-"
    assume_role_policy_path     = "trust-policy.json"
    inline_policy_paths         = ["inline-policy.json"]
    custom_managed_policy_paths = ["custom-multi-managed-policy.json", "custom-multi-managed-eks-policy.json"]
    managed_policy_arns         = ["arn:aws:iam::aws:policy/AIOpsConsoleAdminPolicy", "arn:aws:iam::aws:policy/AWSAccountActivityAccess"]
  }
}
```

Placeholders available for substitution
The following placeholders can be used in any policy .json file. Each is replaced with its corresponding value at run time, so region and account IDs do not have to be hard-coded into the policy documents.

| Name | Description | Type | Default | Required to pass |
|---|---|---|---|---|
| AWS_REGION | AWS Region of the current provider | string | The provider's region | no |
| CURRENT_ACCOUNT_ID | Current AWS Account ID | string | Pulled from the caller's credentials | no |
| CROSS_ACCOUNT_ID | Cross account ID passed via the cross_account_id input | string | "" if not passed in the module block | yes, if it is used in the JSON for replacement |
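As an added example (not code from the module itself), the following Python pre-apply check renders a constructed policies/trust-policy.json the way the placeholder table describes and flags a wildcard principal, a malformed account ID or a missing Condition before `terraform apply`. The `${NAME}` delimiter is an assumption, since the README does not state the placeholder syntax.

```python
import json
import re

# Assumed placeholder syntax ${NAME}: the README names the placeholders but
# not their delimiter, so this regex is an assumption, not the module's code.
PLACEHOLDER = re.compile(r"\$\{([A-Z_]+)\}")
KNOWN = {"AWS_REGION", "CURRENT_ACCOUNT_ID", "CROSS_ACCOUNT_ID"}
ACCOUNT_IN_ARN = re.compile(r"arn:aws:iam::(\d*):")

# Constructed sample of a policies/trust-policy.json that uses a placeholder.
TRUST_POLICY_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::${CROSS_ACCOUNT_ID}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}
  }]
}"""


def render(template, values):
    """Substitute placeholders; fail on unknown names or empty values."""
    def sub(match):
        name = match.group(1)
        if name not in KNOWN:
            raise ValueError(f"unknown placeholder {name}")
        if not values.get(name):
            raise ValueError(f"{name} is used but no value was supplied")
        return values[name]
    return PLACEHOLDER.sub(sub, template)


def trust_policy_findings(rendered):
    """Return a list of problems found in a rendered trust policy."""
    findings = []
    for st in json.loads(rendered).get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        values = [principal] if isinstance(principal, str) else list(principal.values())
        flat = [v for val in values for v in (val if isinstance(val, list) else [val])]
        if "*" in flat:
            findings.append("Allow statement trusts any principal (*)")
        for arn in flat:
            for acct in ACCOUNT_IN_ARN.findall(arn):
                if not re.fullmatch(r"\d{12}", acct):
                    findings.append(f"malformed account id {acct!r} in {arn}")
        if "Condition" not in st:
            findings.append("Allow statement has no Condition (e.g. sts:ExternalId)")
    return findings
```

Run it over every file in policies/ as a plan-time gate; an empty findings list means the rendered document passed the checks.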
Requirements
No requirements.
Providers
| Name | Version |
|---|---|
| aws | n/a |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| aws_iam_policy.custom | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy.inline | resource |
| aws_iam_role_policy_attachment.aws_managed | resource |
| aws_iam_role_policy_attachment.custom | resource |
| aws_caller_identity.current | data source |
| aws_region.current | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| assume_role_policy_path | Assume role policy document for the IAM role | string | "{}" | no |
| common_tags | Common tags to apply to the IAM role and policies | map(string) | {} | no |
| cross_account_id | Cross account ID for the IAM role | string | "" | no |
| custom_managed_policy_name_prefix | Prefix for custom managed policy names | string | "custom-" | no |
| inline_policy_name_prefix | Prefix for inline policy names | string | "inline-" | no |
| list_aws_managed_policies_arns | List of AWS managed policies to attach to the IAM role | list(string) | [] | no |
| list_custom_managed_policies_paths | List of custom managed policies to attach to the IAM role | list(string) | [] | no |
| list_inline_policies_paths | List of inline policies to attach to the IAM role | list(string) | [] | no |
| policies_dir | Directory containing IAM policy JSON files | string | "policies" | no |
| policy_name_prefix | Prefix for the IAM role policy names | string | "" | no |
| role_name | Name of the IAM role | string | "" | no |
| role_name_prefix | Prefix for the IAM role name | string | "" | no |
Outputs
| Name | Description |
|---|---|
| module_output | Outputs from the module. |