Merge pull request #24423 from Aegon95/d_iam_list_instance_profiles_f…

…or_role

Added new datasource for listing instance profiles for a role

.changelog/24423.txt

@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_iam_instance_profiles
+```

internal/provider/provider.go

@@ -656,6 +656,7 @@ func Provider() *schema.Provider {
 			"aws_iam_account_alias":           iam.DataSourceAccountAlias(),
 			"aws_iam_group":                   iam.DataSourceGroup(),
 			"aws_iam_instance_profile":        iam.DataSourceInstanceProfile(),
+			"aws_iam_instance_profiles":       iam.DataSourceInstanceProfiles(),
 			"aws_iam_openid_connect_provider": iam.DataSourceOpenIDConnectProvider(),
 			"aws_iam_policy":                  iam.DataSourcePolicy(),
 			"aws_iam_policy_document":         iam.DataSourcePolicyDocument(),

internal/service/iam/instance_profiles_data_source.go

@@ -0,0 +1,75 @@
+package iam
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/iam"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func DataSourceInstanceProfiles() *schema.Resource {
+	return &schema.Resource{
+		ReadWithoutTimeout: dataSourceInstanceProfilesRead,
+
+		Schema: map[string]*schema.Schema{
+			"arns": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"names": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"paths": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"role_name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validIamResourceName(roleNameMaxLen),
+			},
+		},
+	}
+}
+
+func dataSourceInstanceProfilesRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	conn := meta.(*conns.AWSClient).IAMConn
+
+	roleName := d.Get("role_name").(string)
+	input := &iam.ListInstanceProfilesForRoleInput{
+		RoleName: aws.String(roleName),
+	}
+	var arns, names, paths []string
+
+	err := conn.ListInstanceProfilesForRolePagesWithContext(ctx, input, func(page *iam.ListInstanceProfilesForRoleOutput, lastPage bool) bool {
+		if page == nil {
+			return !lastPage
+		}
+
+		for _, v := range page.InstanceProfiles {
+			arns = append(arns, aws.StringValue(v.Arn))
+			names = append(names, aws.StringValue(v.InstanceProfileName))
+			paths = append(paths, aws.StringValue(v.Path))
+		}
+
+		return !lastPage
+	})
+
+	if err != nil {
+		return diag.Errorf("listing IAM Instance Profiles for Role (%s): %s", roleName, err)
+	}
+
+	d.SetId(roleName)
+	d.Set("arns", arns)
+	d.Set("names", names)
+	d.Set("paths", paths)
+
+	return nil
+}

internal/service/iam/instance_profiles_data_source_test.go

@@ -0,0 +1,57 @@
+package iam_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/iam"
+	sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func TestAccIAMInstanceProfilesDataSource_basic(t *testing.T) {
+	datasourceName := "data.aws_iam_instance_profiles.test"
+	resourceName := "aws_iam_instance_profile.test"
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:   func() { acctest.PreCheck(t) },
+		ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID),
+		Providers:  acctest.Providers,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccInstanceProfilesDataSourceConfig(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(datasourceName, "arns.#", "1"),
+					resource.TestCheckResourceAttr(datasourceName, "paths.#", "1"),
+					resource.TestCheckResourceAttr(datasourceName, "names.#", "1"),
+					resource.TestCheckResourceAttrPair(datasourceName, "arns.0", resourceName, "arn"),
+					resource.TestCheckResourceAttrPair(datasourceName, "paths.0", resourceName, "path"),
+					resource.TestCheckResourceAttrPair(datasourceName, "names.0", resourceName, "name"),
+				),
+			},
+		},
+	})
+}
+
+func testAccInstanceProfilesDataSourceConfig(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_iam_role" "test" {
+  name               = %[1]q
+  assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
+}
+
+resource "aws_iam_instance_profile" "test" {
+  name = %[1]q
+  role = aws_iam_role.test.name
+  path = "/testpath/"
+}
+
+data "aws_iam_instance_profiles" "test" {
+  role_name = aws_iam_role.test.name
+
+  depends_on = [aws_iam_instance_profile.test]
+}
+`, rName)
+}

website/docs/d/iam_instance_profiles.html.markdown

@@ -0,0 +1,33 @@
+---
+subcategory: "IAM (Identity & Access Management)"
+layout: "aws"
+page_title: "AWS: aws_iam_instance_profiles"
+description: |-
+  Get information on a Amazon IAM Instance Profiles from IAM role
+---
+
+# Data Source: aws_iam_instance_profiles
+
+This data source can be used to fetch information about all
+IAM instance profiles under a role. By using this data source, you can reference IAM
+instance profile properties without having to hard code ARNs as input.
+
+## Example Usage
+
+```terraform
+data "aws_iam_instance_profiles" "example" {
+  role_name = "an_example_iam_role_name"
+}
+```
+
+## Argument Reference
+
+* `role_name` - (Required) The IAM role name.
+
+## Attributes Reference
+
+* `arns` - Set of Amazon Resource Name (ARN) specifying the instance profile.
+
+* `names` - Set of IAM instance profile names.
+
+* `paths` - Set of IAM instance profile paths.