{"id":19129427,"url":"https://github.com/launchbynttdata/tf-aws-module_collection-iam_policy","last_synced_at":"2026-05-14T22:05:09.048Z","repository":{"id":254193500,"uuid":"795229548","full_name":"launchbynttdata/tf-aws-module_collection-iam_policy","owner":"launchbynttdata","description":null,"archived":false,"fork":false,"pushed_at":"2026-04-02T18:52:50.000Z","size":123,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-03T06:16:41.165Z","etag":null,"topics":["aws","infrastructure-as-code","platform-automation","reference","terraform"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/launchbynttdata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-05-02T20:57:06.000Z","updated_at":"2026-04-02T18:52:47.000Z","dependencies_parsed_at":null,"dependency_job_id":"a1a40e06-9da2-4e9d-852d-9f832fde9a53","html_url":"https://github.com/launchbynttdata/tf-aws-module_collection-iam_policy","commit_stats":null,"previous_names":["launchbynttdata/tf-aws-module_collection-iam_policy"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/launchbynttdata/tf-aws-module_collection-iam_policy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-iam_policy","tags_url":"https://repos.ecosyste.ms/api/v1/hos
ts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-iam_policy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-iam_policy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-iam_policy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/launchbynttdata","download_url":"https://codeload.github.com/launchbynttdata/tf-aws-module_collection-iam_policy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-iam_policy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33045149,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"online","status_checked_at":"2026-05-14T02:00:06.663Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","infrastructure-as-code","platform-automation","reference","terraform"],"created_at":"2024-11-09T06:07:28.067Z","updated_at":"2026-05-14T22:05:09.006Z","avatar_url":"https://github.com/launchbynttdata.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 
tf-aws-module_collection-iam_policy\n\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![License: CC BY-NC-ND 4.0](https://img.shields.io/badge/License-CC_BY--NC--ND_4.0-lightgrey.svg)](https://creativecommons.org/licenses/by-nc-nd/4.0/)\n\n## Overview\n\nWraps and provisions a standard AWS IAM policy. Note that this module does not create any policy attachments from the `role_name` that is provided; that value is used only for tagging purposes.\n\n## Pre-Commit hooks\n\n[.pre-commit-config.yaml](.pre-commit-config.yaml) file defines certain `pre-commit` hooks that are relevant to terraform, golang and common linting tasks. There are no custom hooks added.\n\n`commitlint` hook enforces commit message in certain format. The commit contains the following structural elements, to communicate intent to the consumers of your commit messages:\n\n- **fix**: a commit of the type `fix` patches a bug in your codebase (this correlates with PATCH in Semantic Versioning).\n- **feat**: a commit of the type `feat` introduces a new feature to the codebase (this correlates with MINOR in Semantic Versioning).\n- **BREAKING CHANGE**: a commit that has a footer `BREAKING CHANGE:`, or appends a `!` after the type/scope, introduces a breaking API change (correlating with MAJOR in Semantic Versioning). 
A BREAKING CHANGE can be part of commits of any type.\nfooters other than BREAKING CHANGE: \u003cdescription\u003e may be provided and follow a convention similar to git trailer format.\n- **build**: a commit of the type `build` adds changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)\n- **chore**: a commit of the type `chore` adds changes that don't modify src or test files\n- **ci**: a commit of the type `ci` adds changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)\n- **docs**: a commit of the type `docs` adds documentation only changes\n- **perf**: a commit of the type `perf` adds code change that improves performance\n- **refactor**: a commit of the type `refactor` adds code change that neither fixes a bug nor adds a feature\n- **revert**: a commit of the type `revert` reverts a previous commit\n- **style**: a commit of the type `style` adds code changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)\n- **test**: a commit of the type `test` adds missing tests or correcting existing tests\n\nBase configuration used for this project is [commitlint-config-conventional (based on the Angular convention)](https://github.com/conventional-changelog/commitlint/tree/master/@commitlint/config-conventional#type-enum)\n\nIf you are a developer using vscode, [this](https://marketplace.visualstudio.com/items?itemName=joshbolduc.commitlint) plugin may be helpful.\n\n`detect-secrets-hook` prevents new secrets from being introduced into the baseline. TODO: INSERT DOC LINK ABOUT HOOKS\n\nIn order for `pre-commit` hooks to work properly\n\n- You need to have the pre-commit package manager installed. [Here](https://pre-commit.com/#install) are the installation instructions.\n- `pre-commit` would install all the hooks when commit message is added by default except for `commitlint` hook. 
`commitlint` hook would need to be installed manually using the command below\n\n```\npre-commit install --hook-type commit-msg\n```\n\n## To test the resource group module locally\n\n1. For development/enhancements to this module locally, you'll need to install all of its components. This is controlled by the `configure` target in the project's [`Makefile`](./Makefile). Before you can run `configure`, familiarize yourself with the variables in the `Makefile` and ensure they're pointing to the right places.\n\n```\nmake configure\n```\n\nThis adds in several files and directories that are ignored by `git`. They expose many new Make targets.\n\n2. The first target you care about is `env`. This is the common interface for setting up environment variables. The values of the environment variables will be used to authenticate with the cloud provider from the local development workstation.\n\nThe `make configure` command will bring down the `azure_env.sh` file on the local workstation. The developer would need to modify this file and replace the environment variable values with relevant values.\n\nThese environment variables are used by the `terratest` integration suite.\n\nThe service principal used for authentication (value of ARM_CLIENT_ID) should have the below privileges on the resource group within the subscription.\n\n```\n\"Microsoft.Resources/subscriptions/resourceGroups/write\"\n\"Microsoft.Resources/subscriptions/resourceGroups/read\"\n\"Microsoft.Resources/subscriptions/resourceGroups/delete\"\n```\n\nThen run this make target to set the environment variables on the developer workstation.\n\n```\nmake env\n```\n\n3. The next target you care about is `check`.\n\n**Pre-requisites**\nBefore running this target, it is important to ensure that the developer has created the files mentioned below on the local workstation, under the root directory of the git repository that contains code for primitives/segments. Note that these files are `azure` specific. 
If the primitive/segment under development uses any other cloud provider than azure, this section may not be relevant.\n\n- A file named `provider.tf` with contents below\n\n```\nprovider \"azurerm\" {\n  features {}\n}\n```\n\n- A file named `terraform.tfvars` which contains key-value pairs of the variables used.\n\nNote that since these files are added in `gitignore` they would not be checked into the primitive/segment's git repo.\n\nAfter creating these files, for running tests associated with the primitive/segment, run\n\n```\nmake check\n```\n\nIf the `make check` target is successful, the developer is good to commit the code to the primitive/segment's git repo.\n\n`make check` target\n\n- runs `terraform commands` to `lint`, `validate` and `plan` terraform code.\n- runs `conftests`. `conftests` make sure `policy` checks are successful.\n- runs `terratest`. This is the integration test suite.\n- runs `opa` tests\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | ~\u003e 1.5 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 5.0 |\n\n## Providers\n\nNo providers.\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_resource_names\"\u003e\u003c/a\u003e [resource\\_names](#module\\_resource\\_names) | terraform.registry.launch.nttdata.com/module_library/resource_name/launch | ~\u003e 2.0 |\n| \u003ca name=\"module_iam_policy\"\u003e\u003c/a\u003e [iam\\_policy](#module\\_iam\\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | ~\u003e 5.22.0 |\n\n## Resources\n\nNo resources.\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_logical_product_family\"\u003e\u003c/a\u003e 
[logical\\_product\\_family](#input\\_logical\\_product\\_family) | Logical product family that the resource belongs to. | `string` | `\"platform\"` | no |\n| \u003ca name=\"input_logical_product_service\"\u003e\u003c/a\u003e [logical\\_product\\_service](#input\\_logical\\_product\\_service) | Logical product service that the resource belongs to. | `string` | `\"service\"` | no |\n| \u003ca name=\"input_environment\"\u003e\u003c/a\u003e [environment](#input\\_environment) | Environment in which the resource should be provisioned like dev, qa, prod etc. | `string` | `\"dev\"` | no |\n| \u003ca name=\"input_environment_number\"\u003e\u003c/a\u003e [environment\\_number](#input\\_environment\\_number) | The environment count for the respective environment. Defaults to 000. Increments in value of 1 | `string` | `\"000\"` | no |\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | AWS Region in which the infra needs to be provisioned | `string` | `\"us-east-2\"` | no |\n| \u003ca name=\"input_resource_number\"\u003e\u003c/a\u003e [resource\\_number](#input\\_resource\\_number) | The resource count for the respective resource. Defaults to 000. Increments in value of 1 | `string` | `\"000\"` | no |\n| \u003ca name=\"input_resource_names_map\"\u003e\u003c/a\u003e [resource\\_names\\_map](#input\\_resource\\_names\\_map) | A map of key to resource\\_name that will be used by tf-aws-module\\_collection-iam\\_policy module to generate resource names. If using this wrapper module to create multiple policies within a role, you should adjust this default value to ensure uniqueness across your policies. 
| \u003cpre\u003emap(object(\u003cbr\u003e    {\u003cbr\u003e      name       = string\u003cbr\u003e      max_length = optional(number, 60)\u003cbr\u003e    }\u003cbr\u003e  ))\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"iam_policy\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"plcy\"\u003cbr\u003e  }\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_policy\"\u003e\u003c/a\u003e [policy](#input\\_policy) | A single valid JSON document containing a policy. | `string` | n/a | yes |\n| \u003ca name=\"input_role_name\"\u003e\u003c/a\u003e [role\\_name](#input\\_role\\_name) | Name of the IAM role that should be associated with this policy. This value does not create an attachment but does contribute to tags that are required on the Policy. | `string` | n/a | yes |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | A map of tags to add to the resources created by the module. | `map(string)` | `{}` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_arn\"\u003e\u003c/a\u003e [arn](#output\\_arn) | n/a |\n| \u003ca name=\"output_name\"\u003e\u003c/a\u003e [name](#output\\_name) | n/a |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_collection-iam_policy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_collection-iam_policy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_collection-iam_policy/lists"}