paloth/terraform-aws-policy

Terraform AWS Policy

This module creates an IAM policy with dynamic statements.

Example

module "my_policy" {
    source = "terraform-aws-policy"

    policy_name = "my_policy"
    policy_description = "my policy does something"
    policy_document_id = "AllowSomething"

    
    policy_body = {
        statement1 = {
          sid        = "statement1",
          effect     = "Allow",
          actions    = ["s3:*"],
          resources  = ["*"],
          conditions = [
            {
              test = "StringLike",
              variable = "s3:prefix",
              values = ["", "home/", "home/&{aws:username}/"]
            }
          ] # One condition for this statement. More conditions can be added to the list
        },
        statement2 = {
          sid        = "statement2",
          effect     = "Allow",
          actions    = ["ec2:*"],
          resources  = ["*"],
          conditions = [] # No condition for this statement
        },
    }
}

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 0.13 |
| aws | ~> 3 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| policy_body | The body parameters of the policy. | `map(object({ sid = string, effect = string, actions = list(string), resources = list(string), conditions = list(object({ test = string, variable = string, values = list(string) })) }))` | n/a | yes |
| policy_name | The name of the policy. | `string` | n/a | yes |
| policy_description | Description of the IAM policy. | `string` | `null` | no |
| policy_document_id | The id of the policy document. | `string` | `null` | no |
| policy_path | Path in which to create the policy. | `string` | `"/"` | no |

Outputs

| Name | Description |
|------|-------------|
| policy_arn | Policy arn |
| policy_id | Policy id |
| policy_name | Policy name |
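
A sketch of how a module with these inputs can build the policy using `dynamic` blocks, added here as an example and not taken from this repository's source. The `this` labels are assumptions, and only the two required inputs are wired in.

```hcl
# Added example, not the module's own code. Labels named "this" are assumptions.
# Only policy_name and policy_body (the required inputs) are handled here.
variable "policy_name" { type = string }

variable "policy_body" {
  type = map(object({
    sid        = string
    effect     = string
    actions    = list(string)
    resources  = list(string)
    conditions = list(object({ test = string, variable = string, values = list(string) }))
  }))
}

data "aws_iam_policy_document" "this" {
  # One statement block per map entry, iterated in lexical key order.
  dynamic "statement" {
    for_each = var.policy_body
    content {
      sid       = statement.value.sid
      effect    = statement.value.effect
      actions   = statement.value.actions
      resources = statement.value.resources

      # One condition block per list element; an empty list renders none.
      dynamic "condition" {
        for_each = statement.value.conditions
        content {
          test     = condition.value.test
          variable = condition.value.variable
          values   = condition.value.values
        }
      }
    }
  }
}

resource "aws_iam_policy" "this" {
  name   = var.policy_name
  policy = data.aws_iam_policy_document.this.json
}

output "policy_arn" { value = aws_iam_policy.this.arn }
```

When the document is rendered through `aws_iam_policy_document`, the `&{aws:username}` value in the README example becomes the IAM policy variable `${aws:username}` in the resulting JSON, which keeps Terraform from trying to interpolate it.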
