aws_iam_policy_attachment

Attaches a Managed IAM Policy to user(s), role(s), and/or group(s)

~> NOTE: The aws_iam_policy_attachment resource is only meant to be used once for each managed policy. All of the users/roles/groups that a single policy is being attached to should be declared by a single aws_iam_policy_attachment resource.

yamlhclresource:
  aws_iam_user:
    user:
      name: test-user
  aws_iam_role:
    role:
      name: test-role
  aws_iam_group:
    group:
      name: test-group
  aws_iam_policy:
    policy:
      name: test-policy
      description: 'A test policy'
      policy:
  aws_iam_policy_attachment:
    test-attach:
      name: test-attachment
      users:
        - '${aws_iam_user.user.name}'
      roles:
        - '${aws_iam_role.role.name}'
      groups:
        - '${aws_iam_group.group.name}'
      policy_arn: '${aws_iam_policy.policy.arn}'
resource "aws_iam_user" "user" {
    name = "test-user"
}
resource "aws_iam_role" "role" {
    name = "test-role"
}
resource "aws_iam_group" "group" {
    name = "test-group"
}

resource "aws_iam_policy" "policy" {
    name = "test-policy"
    description = "A test policy"
    policy = 	#omitted
}

resource "aws_iam_policy_attachment" "test-attach" {
    name = "test-attachment"
    users = ["${aws_iam_user.user.name}"]
    roles = ["${aws_iam_role.role.name}"]
    groups = ["${aws_iam_group.group.name}"]
    policy_arn = "${aws_iam_policy.policy.arn}"
}

Argument Reference

The following arguments are supported:

name (Required) - The name of the policy. This cannot be an empty string.
users (Optional) - The user(s) the policy should be applied to
roles (Optional) - The role(s) the policy should be applied to
groups (Optional) - The group(s) the policy should be applied to
policy_arn (Required) - The ARN of the policy you want to apply

Attributes Reference

The following attributes are exported:

id - The policy’s ID.
name - The name of the policy.

See the source of this document at Terraform.io