option to create an inline policy #21
Comments
Closing as |
My hope was that instead of setting

```hcl
module "iam_policy" {
  # ...
  inline_enabled = true
  role_arn       = "arn:..."
}
```

which would disable the Please reconsider. |
Oh nvm, maybe the readme already states that this is enough. Thanks for considering.

```hcl
resource "aws_iam_role" "example" {
  name               = "hello_role"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json

  inline_policy {
    name   = "test_policy"
    policy = module.iam_policy.json
  }
}
```

|
Just happened to come across this again because I was looking at https://github.com/cloudposse/terraform-aws-eks-iam-role and wanted to use an inline policy there. I looked inside and it wasn't using this module, so I went back here to look for the inline method and came across this issue again. Rereading this thread, I noticed that we may have a misunderstanding.
I wasn't suggesting creating a role, but instead, attaching the inline policy (instead of a managed policy) to an existing role which would then need to be provided. See this aws_iam_role_policy for attaching inline policies to existing roles. e.g.

```hcl
module "iam_policy" {
  # ...
  inline_attach_role_name = module.role.name
}
```

Would you reconsider? If so, this would help other downstream modules to reuse this logic and easily toggle between inline and managed policies without needing to recreate the logic per module. |
Have a question? Please check out our Slack Community or visit our Slack Archive.
Describe the Feature
Option to create an inline policy and attach it to a role. If that is implemented, we currently create a managed policy here and it would be good to also optionally attach it to a role. This will allow people to use one or the other for all of our modules.
Related pr https://github.com/cloudposse/terraform-aws-ec2-bastion-server/pull/102/files
Workaround for now is to set `iam_policy_enabled = false` and use the `json` output like in the example in the README.