I am using Terragrunt to call my Terraform module. I have one terragrunt.hcl for my dev and another for testing environment. I would like to be able to attach an AWS managed policy (AdministratorAccess) to my dev account and (AmazonEC2FullAccess) to my testing account using an input variable, so that I can remove the policy line in my aws_iam_role_policy section.

terragrunt.hcl

terraform {
  source = "..//module/vpc"
}


include {
  path = find_in_parent_folders()
}

inputs = {

 
} 


main.tf
resource "aws_iam_role" "GitHubActions" {
  name = var.GithubAction_role

  assume_role_policy = <<EOF
{
  "Version":"2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Principal":{
      "Federated": "${aws_iam_openid_connect_provider.github_oidc_github_actions.arn}"
    }
  }
}
EOF
}




resource "aws_iam_role_policy" "GitHubActions"{
  name = var.policy
  role = aws_iam_role.GitHubActions.id

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement":[
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
EOF
}
bibi

1 Answer

I'm not sure I fully understand your question. You cannot attach an IAM policy to an account. However, you can attach it to an IAM role, which seems to be your goal here? If yes, you can use a data source:

data "aws_iam_policy" "AmazonEC2FullAccess" {
  arn = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
}

resource "aws_iam_role_policy_attachment" "attachment" {
  role       = aws_iam_role.GitHubActions.name
  policy_arn = data.aws_iam_policy.AmazonEC2FullAccess.arn
}

See iam_role_policy_attachment and iam policy data source.

Mornor
  • Do you know if the data source policy will accept a list of managed policy ARNs if I need to attach more than one managed policy to a role, like ["arn1","arn2"] etc.? – bibi Nov 23 '21 at 18:10
  • Yes, you can. But then you would need to pass a list of policies, and loop through them. More info [here](https://stackoverflow.com/questions/45486041/how-to-attach-multiple-iam-policies-to-iam-roles-using-terraform). – Mornor Nov 24 '21 at 12:28
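
Added example (not part of the original answer or comments): one way to drive the attached AWS managed policies from a Terragrunt input, covering both the per-environment question and the multiple-ARN follow-up. The variable name `managed_policy_arns` and the dev/test file layout are assumptions; the role resource is the one from the question.

```hcl
# variables.tf (module side). The variable name is an assumption of this example.
variable "managed_policy_arns" {
  description = "AWS managed policy ARNs to attach to the GitHub Actions role"
  type        = set(string)

  validation {
    # Fail the plan if an input is not an AWS managed policy ARN, so a typo or
    # an unexpected customer-managed policy cannot be attached by accident.
    condition = alltrue([
      for arn in var.managed_policy_arns :
      can(regex("^arn:aws:iam::aws:policy/", arn))
    ])
    error_message = "Each entry must be an AWS managed policy ARN (arn:aws:iam::aws:policy/...)."
  }
}

# main.tf: one attachment per ARN. This replaces the inline
# aws_iam_role_policy "GitHubActions" block with its Action "*" statement.
resource "aws_iam_role_policy_attachment" "managed" {
  for_each   = var.managed_policy_arns
  role       = aws_iam_role.GitHubActions.name
  policy_arn = each.value
}

# The trust policy in the question has no Condition block. Before attaching
# broad policies such as AdministratorAccess, restrict the role to your own
# repository with a condition on token.actions.githubusercontent.com:sub.

# dev terragrunt.hcl (file layout assumed):
# inputs = {
#   managed_policy_arns = ["arn:aws:iam::aws:policy/AdministratorAccess"]
# }
#
# testing terragrunt.hcl (file layout assumed):
# inputs = {
#   managed_policy_arns = ["arn:aws:iam::aws:policy/AmazonEC2FullAccess"]
# }
```

Because `for_each` keys each attachment by its ARN, adding or removing one entry in an environment's `inputs` changes only that attachment in the plan.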