Terraform attaching existing managed policy to a new role
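### New role creation
### The assume_role_policy (trust policy) MUST be defined: it decides WHO may
### assume the role, while the managed policy attached further down decides
### WHAT the role may do once assumed.
resource "aws_iam_role" "codedeploy_service_role" {
  name = "CodeDeployServiceRole"

  # Trust policy. This role is named as, and receives the managed policy of, a
  # CodeDeploy *service* role (AWSCodeDeployRole), so the principal allowed to
  # assume it is the CodeDeploy service itself. Trusting ec2.amazonaws.com here
  # instead would (a) prevent CodeDeploy from assuming the role and (b) hand the
  # service-role permissions to any EC2 instance profile that references it.
  # A role for the deployment targets (EC2 instance profile) is a separate role
  # with a separate managed policy (AmazonEC2RoleforAWSCodeDeploy), not this one.
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "codedeploy.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}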
### AWS policy ARN for existing service role
# Read-only lookup of the AWS-managed policy by ARN; nothing is created here,
# the attachment below only needs the resolved ARN. Because the policy is
# AWS-managed its contents are owned and updated by AWS, so review what it
# grants rather than assuming it is minimal for this role.
data "aws_iam_policy" "codedeploy_service_policy" {
  arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole"
}
### Policy attachment
# Binds the managed policy to the role by name/ARN. aws_iam_role_policy_attachment
# is non-exclusive, so further policies can be attached to the same role from
# other resources without this one detaching them (unlike aws_iam_policy_attachment).
# The "${...}" wrapping is the pre-0.12 interpolation form; NOTE(review): newer
# Terraform accepts it with a deprecation warning — drop the wrapper if the
# project runs Terraform 0.12+.
resource "aws_iam_role_policy_attachment" "codedeploy_service_role_policy_attach" {
  role       = "${aws_iam_role.codedeploy_service_role.name}"
  policy_arn = "${data.aws_iam_policy.codedeploy_service_policy.arn}"
}