---
layout: "aws"
page_title: "AWS: aws_iam_role"
sidebar_current: "docs-aws-resource-iam-role"
description: |-
  Provides an IAM role.
---
# aws\_iam\_role
Provides an IAM role.
## Example Usage
```
resource "aws_iam_role" "test_role" {
  name = "test_role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Optional, Forces new resource) The name of the role.
* `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`.
* `assume_role_policy` - (Required) The policy that grants an entity permission to assume the role.

~> **NOTE:** This `assume_role_policy` is very similar to, but slightly different from, a standard IAM policy and cannot use an `aws_iam_policy` resource. It _can_, however, use an `aws_iam_policy_document` [data source](https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html); see the example below for how this could work.

* `path` - (Optional) The path to the role.
  See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
## Attributes Reference
The following attributes are exported:
* `arn` - The Amazon Resource Name (ARN) specifying the role.
* `create_date` - The creation date of the IAM role.
* `unique_id` - The stable and unique string identifying the role.
* `name` - The name of the role.
## Example of Using Data Source for Assume Role Policy
```
data "aws_iam_policy_document" "instance-assume-role-policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "instance" {
  name               = "instance_role"
  path               = "/system/"
  assume_role_policy = "${data.aws_iam_policy_document.instance-assume-role-policy.json}"
}
```
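
The note on `assume_role_policy` says a trust policy is not quite a standard IAM policy. The Python check below is an added example, not part of the Terraform documentation or the provider's code, and shows the differences on the JSON itself: a trust policy statement names a `Principal`, carries no `Resource`, and lists only STS actions. The function name and both sample documents are constructed for illustration.

```python
import json

# Constructed sample: the trust policy from the Example Usage block.
TRUST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Action": "sts:AssumeRole",
     "Principal": {"Service": "ec2.amazonaws.com"},
     "Effect": "Allow", "Sid": ""}
  ]
}"""

# Constructed sample: an ordinary identity policy passed by mistake.
IDENTITY_POLICY = """{
  "Version": "2012-10-17",
  "Statement": {"Effect": "Allow", "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::example-bucket/*"}
}"""


def check_trust_policy(document):
    """Return a list of findings; an empty list means the shape is a trust policy."""
    findings = []
    statements = json.loads(document).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may omit the list
        statements = [statements]
    for i, stmt in enumerate(statements):
        # A trust policy names who may assume the role; an identity policy never does.
        if "Principal" not in stmt and "NotPrincipal" not in stmt:
            findings.append(f"statement {i}: missing Principal")
        # The role itself is the resource, so Resource is not accepted here.
        if "Resource" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: Resource is not allowed")
        # Only STS actions (sts:AssumeRole and its variants) belong in a trust policy.
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        for action in actions:
            if not action.lower().startswith("sts:"):
                findings.append(f"statement {i}: non-STS action {action}")
        # Allow with a wildcard principal lets any AWS principal assume the role.
        principal = stmt.get("Principal")
        values = principal.values() if isinstance(principal, dict) else [principal]
        flat = [v for p in values for v in (p if isinstance(p, list) else [p])]
        if stmt.get("Effect") == "Allow" and "*" in flat:
            findings.append(f"statement {i}: wildcard principal")
    return findings
```

Run it against the rendered JSON before `terraform apply`, for example on the `json` attribute of the `aws_iam_policy_document` data source.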
## Import
IAM Roles can be imported using the `name`, e.g.
```
$ terraform import aws_iam_role.developer developer_name
```