generated from dxw/terraform-template
iam-custom-roles.tf
# One IAM role per entry in local.custom_iam_roles; the map key is both the
# for_each key and the role name.
#
# The trust policy is taken verbatim from the entry's "assume_role_policy"
# value and JSON-encoded. Nothing in this block restricts which principals it
# may name, so that review has to happen where local.custom_iam_roles is
# defined.
resource "aws_iam_role" "custom" {
  for_each = local.custom_iam_roles

  name               = each.key
  description        = each.value.description
  assume_role_policy = jsonencode(each.value.assume_role_policy)
}
# One managed IAM policy per (role, policy) pair found under the "policies"
# attribute of each entry in local.custom_iam_roles.
#
# The nested `for` expressions build one map per role, keyed
# "<role_name>_<policy_name>"; merge(...) then folds those maps into the single
# map that for_each needs.
#
# NOTE(review): the policy is named after policy_name alone, while the for_each
# key also carries the role name. Two roles that declare a policy under the
# same policy_name would ask for the same IAM policy name. Confirm policy names
# are unique across roles, or include the role name in `name`.
resource "aws_iam_policy" "custom" {
  for_each = merge(flatten([
    for r_name, r in local.custom_iam_roles : {
      for p_name, p in r.policies :
      "${r_name}_${p_name}" => {
        role_name   = r_name
        policy_name = p_name
        policy      = p
      }
    }
  ])...)

  name        = each.value.policy_name
  description = each.value.policy.description

  # Only Version and Statement are forwarded into the policy document; the
  # entry's description is used above and stays out of the JSON.
  policy = jsonencode({
    Version   = each.value.policy.Version
    Statement = each.value.policy.Statement
  })
}
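# Attaches every custom policy to the role it was declared under.
#
# The owning role is carried through the for_each map instead of being
# recovered with split("_", each.key)[0]. With the split, a policy declared
# under a role whose name contains an underscore (constructed example:
# "app_admin") resolves to the prefix before the first underscore ("app"); the
# lookup then either fails or, if a role with that shorter name exists,
# attaches the policy to the wrong role.
#
# Keys are the same "<role_name>_<policy_name>" strings used by
# aws_iam_policy.custom, so resource addresses are unchanged.
#
# NOTE(review): the key format itself is still ambiguous when names contain
# underscores (two different role/policy pairs can join to the same string and
# merge() keeps only one of them) - confirm names cannot collide that way.
resource "aws_iam_role_policy_attachment" "custom" {
  for_each = merge(flatten([
    for role_name, role in local.custom_iam_roles : {
      for policy_name, policy in role.policies :
      "${role_name}_${policy_name}" => role_name
    }
  ])...)

  # each.value is the exact role name the policy was declared under.
  role       = aws_iam_role.custom[each.value].name
  policy_arn = aws_iam_policy.custom[each.key].arn
}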