iam-policy
cloudposse/iam-policy/aws
Create an IAM policy from Terraform input
This terraform-aws-iam-policy module is a wrapper around the Terraform aws_iam_policy_document data source, enhancing it to provide multiple ways to create an AWS IAM Policy document (as a JSON string). It is primarily intended to simplify creating a policy in Terraform from external inputs. In particular, if you want to specify a policy in a tfvars file as a Terraform object, or in YAML as part of an Atmos stack (which is then turned into a Terraform object input), this module provides an object type declaration to use for the input and then it can make the translation to JSON for you. If you can supply the policy as JSON to begin with, or conveniently use the aws_iam_policy_document Terraform data source directly, then this module is not helpful in your case.

> [!NOTE]
> AWS's IAM policy

| Name | Type | Description | Default |
|---|---|---|---|
| tags | map(string) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the t | {} |
| label_order | list(string) | The order in which the labels (ID elements) appear in the `id`. Defaults to ["na | null |
| regex_replace_chars | string | Terraform regular expression (regex) string. Characters matching the regex will | null |
| id_length_limit | number | Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. | null |
| label_key_case | string | Controls the letter case of the `tags` keys (label names) for tags generated by | null |
| descriptor_formats | any | Describe additional descriptors to be output in the `descriptors` output map. Ma | {} |
| context | any | Single object for setting entire context at once. See description of individual | { "additional_tag_map": {}, "attribu |
| namespace | string | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp' | null |
| tenant | string | ID element _(Rarely used, not included by default)_. A customer identifier, indi | null |
| name | string | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi | null |
| labels_as_tags | set(string) | Set of labels (ID elements) to include as tags in the `tags` output. Default is | ["default"] |
| additional_tag_map | map(string) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not add | {} |
| label_value_case | string | Controls the letter case of ID elements (labels) as included in `id`, set as tag | null |
| iam_policy_statements | any | Deprecated: Use `iam_policy` instead. List or Map of IAM policy statements to us | [] |
| delimiter | string | Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` | null |
| attributes | list(string) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, | [] |
| iam_policy_id | string | Deprecated: Use `iam_policy` instead: ID for the policy document when using `iam | null |
| iam_policy | list(object({ policy_id = | IAM policy as list of Terraform objects, compatible with Terraform `aws_iam_poli | [] |
| iam_source_policy_documents | list(string) | List of IAM policy documents (as JSON strings) that are merged together into the | null |
| environment | string | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'st | null |

policy_arn — ARN of created IAM policy

json — JSON body of the IAM policy document
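
The object-to-JSON translation described at the top of this page, as an added example that is not taken from the module's own documentation. It passes a narrowly scoped policy through the `iam_policy` input and reads the `json` output. The bucket name, module label and version pin are placeholders, and the statement field names are assumed to mirror the arguments of the `aws_iam_policy_document` data source.

```hcl
# Added example (not the project's code). Names below are placeholders.
# Assumption: statement fields follow the aws_iam_policy_document data source
# (sid, effect, actions, resources, conditions { test, variable, values }).

module "bucket_read_policy" {
  source = "cloudposse/iam-policy/aws"
  # version = "x.y.z" # placeholder: pin to a release you have reviewed

  # The same object could be supplied from a tfvars file or Atmos stack YAML.
  iam_policy = [{
    policy_id = "ExampleBucketRead"
    statements = [
      {
        # Listing is granted on the bucket ARN only, not on "*".
        sid       = "ListBucket"
        effect    = "Allow"
        actions   = ["s3:ListBucket"]
        resources = ["arn:aws:s3:::example-bucket"]
      },
      {
        # Object reads are limited to this bucket and require TLS.
        sid       = "ReadObjectsOverTLS"
        effect    = "Allow"
        actions   = ["s3:GetObject"]
        resources = ["arn:aws:s3:::example-bucket/*"]
        conditions = [{
          test     = "Bool"
          variable = "aws:SecureTransport"
          values   = ["true"]
        }]
      },
    ]
  }]
}

# Rendered IAM policy document as a JSON string, for review in plan output
# or for attaching elsewhere.
output "bucket_read_policy_json" {
  value = module.bucket_read_policy.json
}
```

Reviewing the `json` output in the plan before applying makes it easy to confirm that no statement widened to `*` actions or resources during the translation.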