Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/geekcell/terraform-aws-iam-policy
Terraform module to provision an AWS IAM Policy.
https://github.com/geekcell/terraform-aws-iam-policy
aws iam iam-policy terraform terraform-module
Last synced: 1 day ago
JSON representation
Terraform module to provision an AWS IAM Policy.
- Host: GitHub
- URL: https://github.com/geekcell/terraform-aws-iam-policy
- Owner: geekcell
- License: apache-2.0
- Created: 2023-01-12T09:23:41.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-04-04T10:26:08.000Z (6 months ago)
- Last Synced: 2024-09-22T05:02:20.865Z (6 days ago)
- Topics: aws, iam, iam-policy, terraform, terraform-module
- Language: Go
- Homepage: https://www.geekcell.io
- Size: 76.2 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://www.geekcell.io/)
### Code Quality
[](https://github.com/geekcell/terraform-aws-iam-policy/blob/master/LICENSE)
[](https://github.com/geekcell/terraform-aws-iam-policy/releases)
[](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/release.yaml)
[](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/validate.yaml)
[](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/linter.yaml)
[](https://github.com/geekcell/terraform-aws-iam-policy/actions/workflows/test.yaml)
### Security
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=INFRASTRUCTURE+SECURITY)
#### Cloud
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=CIS+AWS+V1.2)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=CIS+AWS+V1.3)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=CIS+AZURE+V1.1)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=CIS+AZURE+V1.3)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=CIS+GCP+V1.1)
##### Container
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=CIS+KUBERNETES+V1.6)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=CIS+EKS+V1.1)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=CIS+GKE+V1.1)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=CIS+KUBERNETES+V1.5)
#### Data protection
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=SOC2)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=PCI-DSS+V3.2)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=PCI-DSS+V3.2.1)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=ISO27001)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=NIST-800-53)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=HIPAA)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-iam-policy&benchmark=FEDRAMP+%28MODERATE%29)
# Terraform AWS IAM Policy
Introducing the AWS IAM Policy Collection Terraform Module, a comprehensive solution for managing your AWS Identity
and Access Management (IAM) policies. This module has been carefully crafted to include the most commonly used
policies in our setups, making it easier for you to manage and secure your AWS resources.
Our team of experts has worked with AWS IAM policies for years and has a deep understanding of the best practices
and configurations. By using this Terraform module, you can be sure that your policies are created and managed in
a secure, efficient, and scalable manner.
This module offers a one-stop-shop for all your IAM policy needs, saving you time and effort in the process. Whether
you're looking to grant access to specific AWS services or to limit the actions that can be performed on your
resources, this module has you covered.
So, if you're looking for a convenient and reliable solution for managing your IAM policies, look no further than
the AWS IAM Policy Collection Terraform Module. Give it a try and see the difference it can make in your AWS setup!
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [create\_policy](#input\_create\_policy) | Whether to create the actual policy resource or to only render it. | `bool` | `true` | no |
| [description](#input\_description) | Description of the Security Group. | `string` | `null` | no |
| [name](#input\_name) | Name of the policy. | `string` | n/a | yes |
| [path](#input\_path) | Path in which to create the policy. | `string` | `"/"` | no |
| [policy\_id](#input\_policy\_id) | ID for the policy document. | `string` | `null` | no |
| [statements](#input\_statements) | A map of principals which can assume the role. |
list(object({
sid = optional(string)
effect = optional(string, "Allow")
actions = optional(list(string))
not_actions = optional(list(string))
resources = optional(list(string))
not_resources = optional(list(string))
conditions = optional(list(object({
test = string
variable = string
values = list(string)
})))
principals = optional(list(object({
type = string
identifiers = list(string)
})))
not_principals = optional(list(object({
type = string
identifiers = list(string)
})))
})) | `[]` | no |
| [tags](#input\_tags) | Tags to add to the Security Group. | `map(any)` | `{}` | no |
| [templates](#input\_templates) | A list of templates. Multiple templates will be combined into a single policy. | list(object({
name = string
vars = optional(map(any))
})) | `[]` | no |
| [use\_name\_prefix](#input\_use\_name\_prefix) | Use the `name` attribute as prefix for the role name. | `bool` | `true` | no |
## Outputs
| Name | Description |
|------|-------------|
| [arn](#output\_arn) | ARN of the IAM policy |
| [id](#output\_id) | ID of the IAM policy |
| [json](#output\_json) | Rendered JSON of the policy. |
| [name](#output\_name) | Name of the IAM policy |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 4.36 |
## Resources
- resource.aws_iam_policy.main (main.tf#101)
- data source.aws_caller_identity.current (main.tf#40)
- data source.aws_iam_policy_document.combined (main.tf#93)
- data source.aws_iam_policy_document.statement (main.tf#48)
- data source.aws_iam_policy_document.template (main.tf#44)
- data source.aws_region.current (main.tf#36)
# Examples
### Statements
```hcl
module "s3_policy" {
source = "../../"
name = var.name
statements = [
{
effect = "Allow"
actions = [
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:ListBucket",
"s3:DeleteObject"
]
resources = [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::my-bucket/*"
]
}
]
}
```
### Templates
```hcl
module "codedeploy_policy" {
source = "../../"
name = var.name
templates = [
{
name = "codedeploy/ecs-blue-green-deployment"
vars = {
codedeploy_app_name = "my-project"
codedeploy_deployment_group_name = "web-app"
ecs_cluster_name = "my-project"
ecs_service_name = "web-app"
task_definition_task_role_name = "web-app"
task_definition_execution_role_name = "web-app-exec"
}
},
{
name = "ecr/push-and-pull"
vars = {
ecr_repository_name = "web-app"
}
}
]
}
```