如何使用 Terraform 将多个 IAM 策略附加到 IAM 角色? [英] How to attach multiple IAM policies to IAM roles using Terraform?

问题描述

我想将多个 IAM 政策 ARN 附加到单个 IAM 角色.

I want to attach multiple IAM Policy ARNs to a single IAM Role.

一种方法是创建一个具有所有策略(多个策略)权限的新策略.

One method is to create a new policy with privileges of all the policies (multiple policies).

但在 AWS 中，我们有一些预定义的 IAM 策略，例如 AmazonEC2FullAccess、AmazomS3FullAccess 等.我想将这些组合用于我的角色.

But in AWS, we have some predefined IAM policies like AmazonEC2FullAccess, AmazomS3FullAccess, etc. I want to use a combination of these for my role.

我在 Terraform 文档中找不到这样做的方法.

I could not find a way to do so in the Terraform documentation.

根据文档，我们可以使用 aws_iam_role_policy_attachment 将策略附加到一个角色，但不能将多个策略附加到一个角色，因为这可以通过 AWS 控制台获得.

As per documentation we can use aws_iam_role_policy_attachment to attach a policy to a role, but not multiple policies to a role as this is available via AWS console.

请让我知道是否有方法可以做到这一点，或者它是否仍然是要添加的功能.

Please let me know if there is a method to do the same or is it still a feature to be added.

我使用的 Terraform 版本是 v0.9.5

The Terraform version I use is v0.9.5

推荐答案

感谢 Krishna Kumar R 的提示.

Thanks Krishna Kumar R for the hint.

我从你的回答中得到了一个更精致的答案.

A little more polished answer I reached from your answer.

# Define policy ARNs as list
variable "iam_policy_arn" {
  description = "IAM Policy to be attached to role"
  type = "list"
}

# Then parse through the list using count
resource "aws_iam_role_policy_attachment" "role-policy-attachment" {
  role       = "${var.iam_role_name}"
  count      = "${length(var.iam_policy_arn)}"
  policy_arn = "${var.iam_policy_arn[count.index]}"
}

最后应该在 *.tfvars 文件中或在命令行中使用 -var 指定策略列表，例如:

And finally the list of policies should be specified in *.tfvars file or in command line using -var, for example:

iam_policy_arn = ["arn:aws:iam::aws:policy/AmazonEC2FullAccess", "arn:aws:iam::aws:policy/AmazonS3FullAccess"]

这篇关于如何使用 Terraform 将多个 IAM 策略附加到 IAM 角色?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！