Say I have two modules (for different functions), each of which defines an IAM instance profile. When I use either one of them, I can associate the profile ID with my instance. This is fine.
But when I want to use both of them, I cannot figure out how to do it.
Even when I tried to get the JSON of the policy documents and assign them to my (new) IAM instance profile, I do not know how to merge them into one JSON document.
A couple of questions for you.
- Are you trying to add both profiles to the same instance?
- Are you defining the role with an inline policy?
- Can you post your main.tf? (where you call both modules)
Sorry, it was long and I do not have the code right now.
- Two profiles, two policies. Any way I can associate a few modularized policies with one instance?
- No.
- No code for now.
You’ll want to create an iam instance profile:
then attach policies to it:
Once the role is created in one module you should output it and attach the new policy to the existing role.
Thanks. I may have misunderstood this. So aws_iam_role_policy_attachment could be used multiple times against one role?
Yes, that is the preferred method of adding policies to roles even if it’s just one.
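The pattern the answers describe, as an added example that is not code from the thread: one role and one instance profile, with each module contributing its own narrowly scoped policy through a separate aws_iam_role_policy_attachment. It is shown in a single file with comments marking what each module would hold; all resource names, the bucket and log group ARNs, and the AMI ID are assumed placeholders.

```hcl
# Constructed example: every name, ARN and the AMI ID is a placeholder.
# One role and one instance profile, owned by the root configuration.
resource "aws_iam_role" "app" {
  name = "example-app-role"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "ec2.amazonaws.com" } }]
  })
}

resource "aws_iam_instance_profile" "app" {
  name = "example-app-profile"
  role = aws_iam_role.app.name
}

# What module A would hold: its own policy, attached to the shared role
# (inside a module the role name would arrive as an input variable).
resource "aws_iam_policy" "s3_read" {
  name = "example-s3-read"
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = ["s3:GetObject"], Resource = "arn:aws:s3:::example-bucket/*" }]
  })
}

resource "aws_iam_role_policy_attachment" "s3_read" {
  role       = aws_iam_role.app.name
  policy_arn = aws_iam_policy.s3_read.arn
}

# What module B would hold: a second policy, second attachment, same role.
resource "aws_iam_policy" "logs_write" {
  name = "example-logs-write"
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = ["logs:CreateLogStream", "logs:PutLogEvents"], Resource = "arn:aws:logs:*:*:log-group:example-app:*" }]
  })
}

resource "aws_iam_role_policy_attachment" "logs_write" {
  role       = aws_iam_role.app.name
  policy_arn = aws_iam_policy.logs_write.arn
}

# The instance gets the single profile and, through its role, both policies.
resource "aws_instance" "app" {
  ami                  = "ami-00000000000000000" # placeholder
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.app.name
}
```

Keeping each policy as its own attachment leaves the permissions of each function separately reviewable and removable, with no need to merge policy JSON by hand.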