How can I list which AWS APIs are used by resource block and data block?

I would like to list what AWS APIs are used for each resource block and data block.

For example, in the case of aws_iam_role resource block, I want to get a list of AWS APIs (CreateRole, DeleteRole, etc.) for Terraform CRUD (terraform plan, apply, import, etc.) operations.

AWS APIs required by a specific resource (data) block can be checked by looking at the source code in “github.com/hashicorp/terraform-provider-aws (/internal/service/…)”.

However, every time a new provider version is released, it is not possible to check the source code and organize it, so automation is needed.

Is there any good way?

Through this work, I want to implement dynamically assigning and retrieving IAM Policy in the Terraform deployment pipeline.

Thank you.

The only thing that knows what API calls will be made is the code of the specific provider. Terraform itself isn’t involved at all - it just asks a provider to create a specific resource. So you’d need to create something which scans the code to try to figure that out.

In reality for a provider such as the AWS provider I’d imagine it doesn’t change much for existing resources. I’d imagine many people are just using the managed roles which give all permissions for a specific service - for example if you are using Terraform to manage S3 buckets you could be using most of the APIs to create/modify/delete buckets & objects.

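As an added illustration of the "scan the provider code" approach described in the reply above (this is example code, not part of the thread and not code from terraform-provider-aws), here is a small Python scanner. It assumes the provider's layout of one Go package per service under `internal/service/<svc>/`, that resource files call the SDK through a variable named `conn` (as in `conn.CreateRoleWithContext(ctx, input)` or, with SDK v2, `conn.CreateRole(ctx, input)`), and that the service directory name is usually the IAM action prefix; the `PREFIX_OVERRIDES` table and the embedded Go snippets are constructed for the example. The output is a per-file list of `service:Operation` strings that can seed a least-privilege policy, which is then tightened by hand.

```python
"""Extract AWS SDK operation names from terraform-provider-aws style Go files.

Heuristic, regex-based scanner: it reports the SDK operations each resource file
invokes. SDK operation names usually equal IAM action names, but not always
(for example S3's ListObjectsV2 is authorised by s3:ListBucket), so treat the
result as a starting point for a least-privilege policy, not the final answer.
"""
from __future__ import annotations

import re
from pathlib import PurePosixPath
from typing import Dict, List, Optional, Set

# Matches SDK calls made through the provider's connection variable, e.g.
# conn.CreateRole(ctx, ...) or conn.CreateRoleWithContext(ctx, ...).
CALL_RE = re.compile(r"\bconn\.([A-Z][A-Za-z0-9]*)\s*\(")

# Wrapper suffixes the SDK adds that are not part of the API operation name.
# Longest first so "PagesWithContext" is stripped as a unit.
SUFFIXES = ("PagesWithContext", "WithContext", "Pages")

# Service directory name -> IAM action prefix, for services whose package name
# differs from the IAM prefix. Assumption: illustrative, not exhaustive.
PREFIX_OVERRIDES = {"elbv2": "elasticloadbalancing"}


def operation_name(method: str) -> str:
    """Strip SDK wrapper suffixes: ListRolePoliciesPagesWithContext -> ListRolePolicies."""
    for suffix in SUFFIXES:
        if method.endswith(suffix) and len(method) > len(suffix):
            return method[: -len(suffix)]
    return method


def extract_operations(go_source: str) -> Set[str]:
    """Return the set of SDK operations called via `conn` in one Go source file."""
    return {operation_name(m) for m in CALL_RE.findall(go_source)}


def iam_prefix(path: str) -> Optional[str]:
    """Derive the IAM action prefix from internal/service/<svc>/<file>.go, else None."""
    parts = PurePosixPath(path).parts
    if "service" not in parts:
        return None
    i = parts.index("service")
    if i + 2 >= len(parts):  # need both <svc> and a file name after "service"
        return None
    svc = parts[i + 1]
    return PREFIX_OVERRIDES.get(svc, svc)


def actions_for_file(path: str, source: str) -> Set[str]:
    """Map one resource/data-source file to `prefix:Operation` strings."""
    prefix = iam_prefix(path)
    if prefix is None or path.endswith("_test.go"):  # skip acceptance tests
        return set()
    return {f"{prefix}:{op}" for op in extract_operations(source)}


def scan_tree(files: Dict[str, str]) -> Dict[str, List[str]]:
    """Scan a {path: source} mapping (e.g. read from a provider checkout)."""
    result: Dict[str, List[str]] = {}
    for path, source in files.items():
        actions = actions_for_file(path, source)
        if actions:
            result[path] = sorted(actions)
    return result


# Constructed sample input imitating the provider's file layout and call style.
SAMPLE_FILES = {
    "internal/service/iam/role.go": """
func resourceRoleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
    conn := meta.(*conns.AWSClient).IAMConn(ctx)
    input := &iam.CreateRoleInput{RoleName: aws.String(d.Get("name").(string))}
    output, err := conn.CreateRoleWithContext(ctx, input)
}
func resourceRoleRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
    role, err := conn.GetRoleWithContext(ctx, &iam.GetRoleInput{})
    err = conn.ListRolePoliciesPagesWithContext(ctx, input, func(page *iam.ListRolePoliciesOutput, last bool) bool { return true })
}
func resourceRoleDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
    _, err := conn.DeleteRoleWithContext(ctx, &iam.DeleteRoleInput{})
}
""",
    "internal/service/iam/role_test.go": "_, err := conn.DeleteRoleWithContext(ctx, input)",
    "internal/service/s3/bucket.go": """
    _, err := conn.CreateBucket(ctx, &s3.CreateBucketInput{})
    _, err = conn.HeadBucket(ctx, &s3.HeadBucketInput{})
    _, err = conn.DeleteBucket(ctx, &s3.DeleteBucketInput{})
""",
}

if __name__ == "__main__":
    for path, actions in scan_tree(SAMPLE_FILES).items():
        print(path, actions)
```

To run it against a real checkout, build the `files` mapping by walking `internal/service/` and reading each `.go` file; the scan has to be repeated for every provider release, which is the automation the question asks for. Two limits to keep in mind: calls routed through helper functions rather than `conn` are missed, and the SDK-operation-to-IAM-action mapping needs a manual review pass for the services where the two differ.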