Hi,
We are using for_each to create multiple IAM policies/roles. We want to attach these policies to the roles.
As the policies haven't been created yet, we don't know the ARN. How can we attach multiple policies to the roles in Terraform without having to create the policies first, update the Terraform, and then run it again?
Is it possible to use the output of iam_policy in aws_iam_role_policy_attachment?
I realise that policy_arn = each.aws_iam_policy.iam_policy.arn will not work, as the ARN is not set in the variable.
Code below for an example:
resource "aws_iam_policy" "iam_policy" {
  for_each    = var.vars
  name        = each.value.iam_policy_name
  description = each.value.iam_policy_description
  policy = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Effect" : "Allow",
        "Action" : [
          "s3:Get*",
          "s3:List*"
        ],
        "Resource" : [
          "*"
        ]
      }
    ]
  })
  depends_on = [aws_s3_bucket.s3_bucket]
}

resource "aws_iam_role_policy_attachment" "iam_attachment" {
  for_each   = var.vars
  role       = each.value.iam_role
  # The line in question: as noted above, this does not resolve to the policy ARN
  policy_arn = each.aws_iam_policy.iam_policy.arn
}
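Because both resources iterate over the same map, the attachment can index the for_each'd policy resource by each.key and Terraform derives the dependency itself, so a single apply suffices. The following is an added example, not code from the post; the shape of var.vars, the sample values, and the aws_s3_bucket.s3_bucket definition are assumptions.

```hcl
# Constructed sample input; assumes var.vars carries the three keys the post uses.
variable "vars" {
  type = map(object({
    iam_policy_name        = string
    iam_policy_description = string
    iam_role               = string
  }))
  default = {
    reader = {
      iam_policy_name        = "example-s3-reader"
      iam_policy_description = "Read-only access to the example bucket"
      iam_role               = "example-app-role"
    }
  }
}

# Assumed definition of the bucket the post's depends_on refers to.
resource "aws_s3_bucket" "s3_bucket" {
  bucket = "example-bucket-name"
}

resource "aws_iam_policy" "iam_policy" {
  for_each    = var.vars
  name        = each.value.iam_policy_name
  description = each.value.iam_policy_description

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = ["s3:Get*", "s3:List*"]
      # Scoped to the bucket and its objects rather than "*" (least privilege).
      # Referencing the bucket ARN also replaces the explicit depends_on.
      Resource = [
        aws_s3_bucket.s3_bucket.arn,
        "${aws_s3_bucket.s3_bucket.arn}/*",
      ]
    }]
  })
}

resource "aws_iam_role_policy_attachment" "iam_attachment" {
  for_each = var.vars

  role = each.value.iam_role
  # Index the policy instances by the shared map key; the ARN is known at plan
  # time as an unresolved reference and filled in during the same apply.
  policy_arn = aws_iam_policy.iam_policy[each.key].arn
}
```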