aws_iam_policy_document should combine redundant actions #10770
Labels
enhancement
Requests to existing resources that expand the functionality or scope.
service/iam
Issues and PRs that pertain to the iam service.
Description
Although there are some IAM actions in policies where you can't immediately tell that they overlap (e.g. `sqs:Add*` is a subset of `sqs:*Permission*`), there are some that obviously do overlap, like `s3:Get*` and `s3:GetObject*`. When using the `source_json` property for `aws_iam_policy_document`, it would be nice if terraform automatically excluded redundant rules like `s3:GetObject*` in this example. Because IAM policies do have a restricted size, this may actually make the difference when creating new policies.

Obviously, there are a lot of cases to this, but this could probably be done incrementally with a decent amount of improvement without a substantial decrease in performance.
New or Affected Resource(s)
aws_iam_policy_document
aws_iam_policy
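One way the pruning requested above could work, as an added example that is not code from this issue or from the Terraform AWS provider: a conservative wildcard-containment check that removes an action only when another pattern in the same list provably covers it, so the effective permissions never change. The names `covers` and `pruneActions` are hypothetical, and the sketch assumes all actions come from the `Action` list of a single statement (same effect, resources and conditions).

```go
package main

import (
	"fmt"
	"strings"
)

// covers reports whether every action matched by sub is also matched by super.
// A '*' in sub can only be absorbed by a '*' in super, so true is always safe;
// overlaps that need the real action list (sqs:Add* vs sqs:*Permission*) stay.
func covers(super, sub string) bool {
	if super == "" {
		return sub == ""
	}
	if super[0] == '*' {
		for i := 0; i <= len(sub); i++ {
			if covers(super[1:], sub[i:]) {
				return true
			}
		}
		return false
	}
	if sub == "" || sub[0] == '*' {
		return false
	}
	return (super[0] == '?' || super[0] == sub[0]) && covers(super[1:], sub[1:])
}

// pruneActions drops each action that another entry of the same list covers.
// IAM action names are case-insensitive; of two equivalent patterns the first wins.
func pruneActions(actions []string) []string {
	var kept []string
outer:
	for i, a := range actions {
		la := strings.ToLower(a)
		for j, b := range actions {
			lb := strings.ToLower(b)
			if i != j && covers(lb, la) && (!covers(la, lb) || j < i) {
				continue outer // a is redundant
			}
		}
		kept = append(kept, a)
	}
	return kept
}

func main() {
	// Constructed sample: the Action list of one Allow statement.
	fmt.Println(pruneActions([]string{"s3:Get*", "s3:GetObject*", "S3:getobject", "sqs:Add*", "sqs:*Permission*"}))
}
```

The same pass must not be applied across statements or to `NotAction` lists, where dropping the narrower pattern would change what the policy grants.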