Adding details around using a data source (#11494)

landed on https://github.com/hashicorp/terraform/issues/5541 and wanted to take a shot at adding the appropriate details to the iam role page.
This commit is contained in:
Adam Dehnel 2017-01-29 09:55:46 -06:00 committed by Paul Stack
parent 79024dbf09
commit 6fae202017
1 changed files with 25 additions and 1 deletions

View File

@ -40,6 +40,9 @@ The following arguments are supported:
* `name` - (Optional, Forces new resource) The name of the role. * `name` - (Optional, Forces new resource) The name of the role.
* `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`. * `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`.
* `assume_role_policy` - (Required) The policy that grants an entity permission to assume the role. * `assume_role_policy` - (Required) The policy that grants an entity permission to assume the role.
~> **NOTE:** This `assume_role_policy` is very similar but slightly different than just a standard IAM policy and cannot use an `aws_iam_policy` resource. If _can_ however, use an `aws_iam_policy_document` [data source](https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html), see example below for how this could work.
* `path` - (Optional) The path to the role. * `path` - (Optional) The path to the role.
See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
@ -51,6 +54,27 @@ The following attributes are exported:
* `create_date` - The creation date of the IAM role. * `create_date` - The creation date of the IAM role.
* `unique_id` - The stable and unique string identifying the role. * `unique_id` - The stable and unique string identifying the role.
## Example of Using Data Source for Assume Role Policy
```
data "aws_iam_policy_document" "instance-assume-role-policy" {
statement {
actions = [ "sts:AssumeRole" ]
principals {
type = "Service"
identifiers = ["ec2.amazonaws.com"]
}
}
}
resource "aws_iam_role" "instance" {
name = "instance_role"
path = "/system/"
assume_role_policy = "${data.aws_iam_policy_document.instance-assume-role-policy.json}"
}
```
## Import ## Import
IAM Roles can be imported using the `name`, e.g. IAM Roles can be imported using the `name`, e.g.