Adding details around using a data source (#11494)
Landed on https://github.com/hashicorp/terraform/issues/5541 and wanted to take a shot at adding the appropriate details to the IAM role page.
parent
79024dbf09
commit
6fae202017
|
@ -40,6 +40,9 @@ The following arguments are supported:
|
||||||
* `name` - (Optional, Forces new resource) The name of the role.
|
* `name` - (Optional, Forces new resource) The name of the role.
|
||||||
* `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`.
|
* `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`.
|
||||||
* `assume_role_policy` - (Required) The policy that grants an entity permission to assume the role.
|
* `assume_role_policy` - (Required) The policy that grants an entity permission to assume the role.
|
||||||
|
|
||||||
|
~> **NOTE:** This `assume_role_policy` is very similar but slightly different than just a standard IAM policy and cannot use an `aws_iam_policy` resource. If _can_ however, use an `aws_iam_policy_document` [data source](https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html), see example below for how this could work.
|
||||||
|
|
||||||
* `path` - (Optional) The path to the role.
|
* `path` - (Optional) The path to the role.
|
||||||
See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
|
See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
|
||||||
|
|
||||||
|
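Review bot: The added NOTE under `assume_role_policy` has a typo, "If _can_ however", which should read "It _can_, however,". The phrase "very similar but slightly different than just a standard IAM policy" also does not tell the reader what the difference is. The example added later in this patch relies on a `principals` block, so the note could say that this policy names the principals allowed to call `sts:AssumeRole`, which is why an `aws_iam_policy` resource cannot be used here. Consider splitting the last sentence as well: "It _can_, however, use an `aws_iam_policy_document` data source. See the example below."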
@ -51,6 +54,27 @@ The following attributes are exported:
|
||||||
* `create_date` - The creation date of the IAM role.
|
* `create_date` - The creation date of the IAM role.
|
||||||
* `unique_id` - The stable and unique string identifying the role.
|
* `unique_id` - The stable and unique string identifying the role.
|
||||||
|
|
||||||
|
## Example of Using Data Source for Assume Role Policy
|
||||||
|
|
||||||
|
```
|
||||||
|
data "aws_iam_policy_document" "instance-assume-role-policy" {
|
||||||
|
statement {
|
||||||
|
actions = [ "sts:AssumeRole" ]
|
||||||
|
|
||||||
|
principals {
|
||||||
|
type = "Service"
|
||||||
|
identifiers = ["ec2.amazonaws.com"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_iam_role" "instance" {
|
||||||
|
name = "instance_role"
|
||||||
|
path = "/system/"
|
||||||
|
assume_role_policy = "${data.aws_iam_policy_document.instance-assume-role-policy.json}"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
## Import
|
## Import
|
||||||
|
|
||||||
IAM Roles can be imported using the `name`, e.g.
|
IAM Roles can be imported using the `name`, e.g.
|
||||||
|
|
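Review bot: The new example block opens with a bare code fence and formats its two lists differently: `actions = [ "sts:AssumeRole" ]` has padding inside the brackets while `identifiers = ["ec2.amazonaws.com"]` does not. Pick one spacing style for both lists and consider tagging the fence with a language so the block is highlighted. The data source is named `instance-assume-role-policy` with hyphens, while the role beside it uses underscores in `instance_role`; using one separator throughout the example would make the `${data.aws_iam_policy_document.instance-assume-role-policy.json}` reference easier to read. Since the NOTE in the arguments section says "see example below", it would also help if that note named this heading, because the example sits after the exported attributes rather than directly under the argument it illustrates.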