aws_iam_policy as a data source #1346
Labels
enhancement
Requests to existing resources that expand the functionality or scope.
new-data-source
Introduces a new data source.
service/iam
Issues and PRs that pertain to the iam service.
Milestone
Comments
hashibot
added
the
enhancement
|
The initial |
|
This has been released in terraform-provider-aws version 1.9.0. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
This issue was originally opened by @colout as hashicorp/terraform#15734. It was migrated here as a result of the provider split. The original body of the issue is below.
Hello,
Is it currently on your roadmap to create a data source for
aws_iam_policy?I built some
aws_iam_policys in a single state, and I consume them in higher states (I plan to have dozens of states apply these shared policies).The specific use case is to generate some shared polices that every instance's
aws_iam_instance_profilewould apply a-la-carte (describing ec2 tags, access an s3 bucket, etc).I identified two ways of accomplishing this via Terraform, and neither are ideal:
We can define some
aws_iam_policy_documents on the lower state and query for them using"${data.aws_iam_policy_document.policy_name.json}". This is far from ideal since we plan on spinning up hundreds of ASGs, and this creates a giant mess in the AWS console. On top of this adding a single new single new policy to all instances could exponentially increase our policy count (we'll be forced to request less-than-sane aws account limits).The other option is to piece together the policy ARN using our namespacing prefix and our account number (which we'll have to input to the state as a variable now). This doesn't feel like an ideal pattern for terraform, but it works:
arn:aws:iam::${var.aws_account_id}:policy/${var.environment_namespace}.ec2_describetagsThanks, and keep up the great work!
Edit: I typo'd
aws_iam_rolein the first sentence when i meantaws_iam_policy.The text was updated successfully, but these errors were encountered: