How to attach multiple pre-existing AWS managed roles to a policy?

Time: 2019-03-28 18:12:19

Tags: amazon-cloudformation terraform

I want to associate existing policies in AWS with a role, and I am using the Terraform tool.

I want to associate these policies; this code is used with the AWS CloudFormation tool:

   AWSCodeCommitFullAccess
   AWSCodeBuildAdminAccess
   AWSCodeDeployFullAccess
   AWSCodePipelineFullAccess
   AWSElasticBeanstalkFullAccess

Attempted attachment:

data "aws_iam_policy" "attach-policy" {
  arn = ["arn:aws:iam::aws:policy/AWSCodeCommitFullAccess", "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess", "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess", "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess"]
}

resource "aws_iam_role_policy_attachment" "tc-role-policy-attach" {
  role = "${aws_iam_role.toolchain-role.name}"

  policy_arn = "${data.aws_iam_policy.attach-policy.arn}"
}

1 answer:

Answer 0: (score: 0)

Using the Terraform resource aws_iam_role_policy_attachment is a move in the right direction, but it needs some adjustments.

The ARNs of AWS managed policies already exist in the system. For example, if you need to attach the first managed policy to an IAM role:


You can add the other managed policies one by one.

If you want to do them all together, you can try the following code:

resource "aws_iam_role_policy_attachment" "test-policy-AWSCodeCommitFullAccess" {
  policy_arn = "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess"
  role       = "${aws_iam_role.toolchain-role.name}"
}
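One way to attach all five policies the question lists in a single resource, as an added example that is not part of the question or the answer. It assumes Terraform 0.12.6 or later (for `for_each`) and the `aws_iam_role.toolchain-role` resource from the question; the `locals` name is the example's own.

```hcl
# Added example, not from the question or the answer.
# Assumes aws_iam_role.toolchain-role is declared elsewhere, as in the question.
locals {
  toolchain_managed_policies = toset([
    "AWSCodeCommitFullAccess",
    "AWSCodeBuildAdminAccess",
    "AWSCodeDeployFullAccess",
    "AWSCodePipelineFullAccess",
    "AWSElasticBeanstalkFullAccess",
  ])
}

# The aws_iam_policy data source takes one ARN, not a list (the cause of the
# error in the question). Looking each policy up first makes a misspelled
# name fail at plan time rather than at apply time.
data "aws_iam_policy" "toolchain" {
  for_each = local.toolchain_managed_policies
  arn      = "arn:aws:iam::aws:policy/${each.key}"
}

# One attachment per managed policy, keyed by policy name so that adding or
# removing a name from the set only touches that single attachment.
resource "aws_iam_role_policy_attachment" "toolchain" {
  for_each   = local.toolchain_managed_policies
  role       = aws_iam_role.toolchain-role.name
  policy_arn = data.aws_iam_policy.toolchain[each.key].arn
}
```

These are broad FullAccess/AdminAccess managed policies; reviewing the set against what the toolchain role actually needs is worth doing before applying.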