如何使用 Terraform 将多个 IAM 策略附加到 IAM 角色? [英] How to attach multiple IAM policies to IAM roles using Terraform?
问题描述
我想将多个 IAM 政策 ARN 附加到单个 IAM 角色.
I want to attach multiple IAM Policy ARNs to a single IAM Role.
一种方法是创建一个具有所有策略(多个策略)权限的新策略.
One method is to create a new policy with privileges of all the policies (multiple policies).
但在 AWS 中,我们有一些预定义的 IAM 策略,例如 AmazonEC2FullAccess
、AmazomS3FullAccess
等.我想将这些组合用于我的角色.
But in AWS, we have some predefined IAM policies like AmazonEC2FullAccess
, AmazomS3FullAccess
, etc. I want to use a combination of these for my role.
我在 Terraform 文档中找不到这样做的方法.
I could not find a way to do so in the Terraform documentation.
根据文档,我们可以使用 aws_iam_role_policy_attachment
将策略附加到一个角色,但不能将多个策略附加到一个角色,因为这可以通过 AWS 控制台获得.
As per documentation we can use aws_iam_role_policy_attachment
to attach a policy to a role, but not multiple policies to a role as this is available via AWS console.
请让我知道是否有方法可以做到这一点,或者它是否仍然是要添加的功能.
Please let me know if there is a method to do the same or is it still a feature to be added.
我使用的 Terraform 版本是 v0.9.5
The Terraform version I use is v0.9.5
推荐答案
感谢 Krishna Kumar R 的提示.
Thanks Krishna Kumar R for the hint.
我从你的回答中得到了一个更精致的答案.
A little more polished answer I reached from your answer.
# Define policy ARNs as list
variable "iam_policy_arn" {
description = "IAM Policy to be attached to role"
type = "list"
}
# Then parse through the list using count
resource "aws_iam_role_policy_attachment" "role-policy-attachment" {
role = "${var.iam_role_name}"
count = "${length(var.iam_policy_arn)}"
policy_arn = "${var.iam_policy_arn[count.index]}"
}
最后应该在 *.tfvars 文件中或在命令行中使用 -var 指定策略列表,例如:
And finally the list of policies should be specified in *.tfvars file or in command line using -var, for example:
iam_policy_arn = ["arn:aws:iam::aws:policy/AmazonEC2FullAccess", "arn:aws:iam::aws:policy/AmazonS3FullAccess"]
这篇关于如何使用 Terraform 将多个 IAM 策略附加到 IAM 角色?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!