aws_iam_policy_document should combine redundant actions #10770

Open
ghost opened this issue Nov 6, 2019 · 0 comments
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/iam Issues and PRs that pertain to the iam service.

Comments

ghost commented Nov 6, 2019

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Although there are some IAM actions in policies where you can't immediately tell that they overlap (e.g. sqs:Add* is a subset of sqs:*Permission*), there are some that obviously do overlap, like s3:Get* and s3:GetObject*. When using the source_json property for aws_iam_policy_document, it would be nice if Terraform automatically excluded redundant rules like s3:GetObject* in this example. Because IAM policies do have a restricted size, this may actually make the difference when creating new policies.

Obviously, there are a lot of cases to this, but this could probably be done incrementally with a decent amount of improvement without a substantial decrease in performance.

New or Affected Resource(s)

  • aws_iam_policy_document
  • aws_iam_policy
@ghost ghost added enhancement Requests to existing resources that expand the functionality or scope. service/iam Issues and PRs that pertain to the iam service. labels Nov 6, 2019
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Nov 6, 2019
@breathingdust breathingdust removed the needs-triage Waiting for first response or review from a maintainer. label Sep 22, 2021
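
One way to do the pattern-level reduction requested in this issue, as an added Go example that is not part of the issue or of the provider's code. The names `covers`, `match` and `Reduce` are hypothetical. It assumes the actions all come from one statement's `Action` list (same Effect, Resource and Condition) and that action patterns are matched case-insensitively with `*` and `?` wildcards.

```go
package main

import "fmt"
import "strings"

// covers reports whether IAM action pattern a provably matches every action
// that b matches. Conservative: false only means "not provable from patterns".
func covers(a, b string) bool { return match(strings.ToLower(a), strings.ToLower(b)) }

// match globs pattern p against b, where b may itself hold wildcards.
// A '*' in b is absorbed only by '*' in p; a '?' in b only by '?' or '*'.
func match(p, b string) bool {
	if p == "" {
		return b == ""
	}
	if p[0] == '*' { // absorb zero or more symbols of b, wildcards included
		for i := 0; i <= len(b); i++ {
			if match(p[1:], b[i:]) {
				return true
			}
		}
		return false
	}
	if b == "" || b[0] == '*' {
		return false
	}
	return (p[0] == '?' || p[0] == b[0]) && match(p[1:], b[1:])
}

// Reduce drops each action covered by another entry, keeping input order;
// of two equivalent entries (duplicates, case variants) the first survives.
func Reduce(actions []string) []string {
	var out []string
	for i, x := range actions {
		keep := true
		for j, y := range actions {
			if i != j && covers(y, x) && (!covers(x, y) || j < i) {
				keep = false
				break
			}
		}
		if keep {
			out = append(out, x)
		}
	}
	return out
}

// Constructed sample input: only s3:GetObject* is dropped.
func main() { fmt.Println(Reduce([]string{"s3:Get*", "s3:GetObject*", "sqs:Add*", "sqs:*Permission*"})) }
```

Overlaps that depend on the real action catalogue, such as `sqs:Add*` against `sqs:*Permission*`, are left in place, so the reduced list never grants less than the original.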