Hi,
I can manually create and attach an inline policy to a group in AWS console. However, I cannot find an example to do this with Terrafom files. My attempts create normal policies under the group rather than an inline one. Definitely missing something or doing something wrong.
Thanks
resource "aws_iam_group" "devops" {
name = "devops"
}
resource "aws_iam_policy" "terraform_access" {
name = "terraform-access"
policy = jsonencode(
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : "*",
"Resource" : "*"
}
]
}
)
}
resource "aws_iam_role" "terraform" {
name = "terraform"
assume_role_policy = jsonencode(
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : "sts:AssumeRole",
"Principal" : {
"AWS" : "arn:aws:iam::0123456789:root"
}
}
]
}
)
}
# THIS WAS MEANT TO BE THE INLINE POLICY!
resource "aws_iam_policy" "assume_terraform_role" {
name = "assume-terraform-role"
policy = jsonencode(
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : "sts:AssumeRole",
"Resource" : "arn:aws:iam::0123456789:role/terraform"
}
]
}
)
}
resource "aws_iam_group_policy_attachment" "devops_assume_terraform_role" {
group = aws_iam_group.devops.name
policy_arn = aws_iam_policy.assume_terraform_role.arn
}