Raj*_*mar 2 amazon-iam terraform terraform-provider-aws
我正在编写一个 tf 脚本来创建一个角色并将 AWS 托管策略附加到该角色。如果我的策略是自定义策略,这有效,如果我需要使用 AWS 托管策略,我如何将我的策略附加到角色。有没有办法使用“数据”从 AWS 推断角色 ARN
resource "aws_iam_role" "CloudWatchAgentServerRole" {
name = "CloudWatchAgentServerRole"
description = "Role created to allow Memory metrics to CloudWatch "
assume_role_policy = file("role.json")
}
#Create Policy - Not Required as its an AWS Managed Policy
/*resource "aws_iam_policy" "CloudWatchAgentServerPolicy" {
name = "CloudWatchAgentServerPolicy"
description = "Permissions required to use AmazonCloudWatchAgent on servers"
policy = file("policy.json")
}*/
# Attach Policy
resource "aws_iam_role_policy_attachment" "CloudWatchAgentServer" {
role = aws_iam_role.CloudWatchAgentServerRole.name
policy_arn = aws_iam_policy.CloudWatchAgentServerPolicy.arn
}
谢谢
AWS 托管策略的 ARNarn:aws:iam::aws:policy/后跟策略名称。真的没有必要使用data元素来查找它,因为它总是采用那种格式。因此,要在您的示例中附加策略,您将使用以下内容:
resource "aws_iam_role_policy_attachment" "CloudWatchAgentServer" {
role = aws_iam_role.CloudWatchAgentServerRole.name
policy_arn = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
}
| 归档时间: |
|
| 查看次数: |
740 次 |
| 最近记录: |