How can update a resource made outside of terraform via terraform?

Question

AWS Quicksight has a built in default role aws-quicksight-service-role-v0 which does not have any policy attached to it. Knowing its ARN, I want to attach policies to the role via terraform. How can I achieve this? In other words, how can I import a manually/automatically created resource outside terraform, into terraform?

Well, you can do that by using `terraform import` command. You are looking for this in particular: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role#import. — Marko E, Aug 24 '22 at 06:52

score 1 · Answer 1 · answered Aug 24 '22 at 07:52

1

If you just want to add a new policy to an existing IAM role and you know its ARN, you don't have to import it. You can just use aws_iam_role_policy to define and add the policy that you want to pre-existing role.

answered Aug 24 '22 at 07:52

Marcin

215,873
14
235
294

score 0 · Answer 2 · answered Aug 24 '22 at 07:36

0

To work with resources already existing use data-sources: https://www.terraform.io/language/data-sources

answered Aug 24 '22 at 07:36

Erik Asplund

673
4
14

score 0 · Accepted Answer · answered Aug 27 '22 at 08:37

In my particular case, the below reference helped to pick the role by name and attach needed policies to it. As explained it works per policy, meaning you need to pick one policy at a time and attach it to as many roles or users you want. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment

How can update a resource made outside of terraform via terraform?

3 Answers3