diff --git a/.changelog/24423.txt b/.changelog/24423.txt
new file mode 100644
index 00000000000..96830637e9d
--- /dev/null
+++ b/.changelog/24423.txt
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_iam_instance_profiles
+```
\ No newline at end of file
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index 623e936065e..d950ecef1ab 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -646,6 +646,7 @@ func Provider() *schema.Provider {
 "aws_iam_account_alias": iam.DataSourceAccountAlias(),
 "aws_iam_group": iam.DataSourceGroup(),
 "aws_iam_instance_profile": iam.DataSourceInstanceProfile(),
+ "aws_iam_instance_profiles": iam.DataSourceInstanceProfiles(),
 "aws_iam_openid_connect_provider": iam.DataSourceOpenIDConnectProvider(),
 "aws_iam_policy": iam.DataSourcePolicy(),
 "aws_iam_policy_document": iam.DataSourcePolicyDocument(),
diff --git a/internal/service/iam/instance_profiles_data_source.go b/internal/service/iam/instance_profiles_data_source.go
new file mode 100644
index 00000000000..7e3cc8e3576
--- /dev/null
+++ b/internal/service/iam/instance_profiles_data_source.go
@@ -0,0 +1,75 @@
+package iam
+
+import (
+ "context"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/iam"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func DataSourceInstanceProfiles() *schema.Resource {
+ return &schema.Resource{
+ ReadWithoutTimeout: dataSourceInstanceProfilesRead,
+
+ Schema: map[string]*schema.Schema{
+ "arns": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
+ "names": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
+ "paths": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
+ "role_name": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: validIamResourceName(roleNameMaxLen),
+ },
+ },
+ }
+}
+
+func dataSourceInstanceProfilesRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ conn := meta.(*conns.AWSClient).IAMConn
+
+ roleName := d.Get("role_name").(string)
+ input := &iam.ListInstanceProfilesForRoleInput{
+ RoleName: aws.String(roleName),
+ }
+ var arns, names, paths []string
+
+ err := conn.ListInstanceProfilesForRolePagesWithContext(ctx, input, func(page *iam.ListInstanceProfilesForRoleOutput, lastPage bool) bool {
+ if page == nil {
+ return !lastPage
+ }
+
+ for _, v := range page.InstanceProfiles {
+ arns = append(arns, aws.StringValue(v.Arn))
+ names = append(names, aws.StringValue(v.InstanceProfileName))
+ paths = append(paths, aws.StringValue(v.Path))
+ }
+
+ return !lastPage
+ })
+
+ if err != nil {
+ return diag.Errorf("listing IAM Instance Profiles for Role (%s): %s", roleName, err)
+ }
+
+ d.SetId(roleName)
+ d.Set("arns", arns)
+ d.Set("names", names)
+ d.Set("paths", paths)
+
+ return nil
+}
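Review bot: The three `d.Set` calls at the end of dataSourceInstanceProfilesRead discard their return values, so a failure to write the set-typed `arns`, `names` or `paths` attributes would go unreported and the data source would presumably read as empty instead of failing. Check each one, for example `if err := d.Set("arns", arns); err != nil { return diag.Errorf("setting arns: %s", err) }`, and do the same for `names` and `paths`. The page callback also dereferences `v` without a nil check; `if v == nil { continue }` at the top of the loop would keep a nil element in `page.InstanceProfiles` from panicking the provider. Because this output is likely to feed role and instance-profile references elsewhere in a configuration, a hard error is safer than a silently incomplete list.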
diff --git a/internal/service/iam/instance_profiles_data_source_test.go b/internal/service/iam/instance_profiles_data_source_test.go
new file mode 100644
index 00000000000..dba2bd947e6
--- /dev/null
+++ b/internal/service/iam/instance_profiles_data_source_test.go
@@ -0,0 +1,57 @@
+package iam_test
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/aws/aws-sdk-go/service/iam"
+ sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func TestAccIAMInstanceProfilesDataSource_basic(t *testing.T) {
+ datasourceName := "data.aws_iam_instance_profiles.test"
+ resourceName := "aws_iam_instance_profile.test"
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(t) },
+ ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID),
+ Providers: acctest.Providers,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccInstanceProfilesDataSourceConfig(rName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(datasourceName, "arns.#", "1"),
+ resource.TestCheckResourceAttr(datasourceName, "paths.#", "1"),
+ resource.TestCheckResourceAttr(datasourceName, "names.#", "1"),
+ resource.TestCheckResourceAttrPair(datasourceName, "arns.0", resourceName, "arn"),
+ resource.TestCheckResourceAttrPair(datasourceName, "paths.0", resourceName, "path"),
+ resource.TestCheckResourceAttrPair(datasourceName, "names.0", resourceName, "name"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccInstanceProfilesDataSourceConfig(rName string) string {
+ return fmt.Sprintf(`
+resource "aws_iam_role" "test" {
+ name = %[1]q
+ assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
+}
+
+resource "aws_iam_instance_profile" "test" {
+ name = %[1]q
+ role = aws_iam_role.test.name
+ path = "/testpath/"
+}
+
+data "aws_iam_instance_profiles" "test" {
+ role_name = aws_iam_role.test.name
+
+ depends_on = [aws_iam_instance_profile.test]
+}
+`, rName)
+}
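Review bot: The `TestCheckResourceAttrPair` checks in TestAccIAMInstanceProfilesDataSource_basic address `arns.0`, `paths.0` and `names.0`, but the data source schema declares all three as `schema.TypeSet`, so element positions are not something the test should depend on. It passes here only because the role has exactly one instance profile. `resource.TestCheckTypeSetElemAttrPair(datasourceName, "arns.*", resourceName, "arn")`, and the same for `paths.*` and `names.*`, states the intent without relying on ordering. A second case for a role with no instance profiles would also pin down the empty-result behaviour that callers will see.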
diff --git a/website/docs/d/iam_instance_profiles.html.markdown b/website/docs/d/iam_instance_profiles.html.markdown
new file mode 100644
index 00000000000..cedf1ad1e94
--- /dev/null
+++ b/website/docs/d/iam_instance_profiles.html.markdown
@@ -0,0 +1,33 @@
+---
+subcategory: "IAM (Identity & Access Management)"
+layout: "aws"
+page_title: "AWS: aws_iam_instance_profiles"
+description: |-
+ Get information on a Amazon IAM Instance Profiles from IAM role
+---
+
+# Data Source: aws_iam_instance_profiles
+
+This data source can be used to fetch information about all
+IAM instance profiles under a role. By using this data source, you can reference IAM
+instance profile properties without having to hard code ARNs as input.
+
+## Example Usage
+
+```terraform
+data "aws_iam_instance_profiles" "example" {
+ role_name = "an_example_iam_role_name"
+}
+```
+
+## Argument Reference
+
+* `role_name` - (Required) The IAM role name.
+
+## Attributes Reference
+
+* `arns` - Set of Amazon Resource Name (ARN) specifying the instance profile.
+
+* `names` - Set of IAM instance profile names.
+
+* `paths` - Set of IAM instance profile paths.