I am using terragrunt to call my terraform module.I have one terragrunt.hcl for my dev and another for testing environment.I would like to be able to attach AWS Managed policy(AdministratorAccess) to my Dev account and (AmazonEC2FullAccess) to my testing account using input variable so that I can remove the policy line in my aws_iam_role_policy section
terragrunt.hcl
terraform {
source = "..//module/vpc"
}
include {
path = find_in_parent_folders()
}
inputs = {
}
main.tf
resource "aws_iam_role" "GitHubActions" {
name = var.GithubAction_role
assume_role_policy = <<EOF
{
"Version":"2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "sts:AssumeRoleWithWebIdentity",
"Principal":{
"Federated": "${aws_iam_openid_connect_provider.github_oidc_github_actions.arn}"
}
}
EOF
}
resource "aws_iam_role_policy" "GitHubActions"{
name = var.policy
role = aws_iam_role.GitHubActions.id
policy = <<EOF
{
"Version": "2012-10-17",
"Statement":[
{
"Sid": "",
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
EOF
}