README.yaml
#
# This is the canonical configuration for the `README.md`
# Run `make readme` to rebuild the `README.md`
#

# Name of this project
name: terraform-aws-iam-policy-document-aggregator

# Tags of this project
tags:
  - aws
  - terraform
  - terraform-modules
  - iam
  - policy
  - role
  - policy-document

# Categories of this project
categories:
  - terraform-modules/iam

# Logo for this project
#logo: docs/logo.png

# License of this project
license: "APACHE2"

# Canonical GitHub repo
github_repo: cloudposse/terraform-aws-iam-policy-document-aggregator

# Badges to display
badges:
  - name: "Latest Release"
    image: "https://img.shields.io/github/release/cloudposse/terraform-aws-iam-policy-document-aggregator.svg"
    url: "https://github.com/cloudposse/terraform-aws-iam-policy-document-aggregator/releases/latest"
  - name: "Slack Community"
    image: "https://slack.cloudposse.com/badge.svg"
    url: "https://slack.cloudposse.com"

related:
  - name: "terraform-aws-iam-role"
    description: "A Terraform module that creates an IAM role with provided JSON IAM policy documents."
    url: "https://github.com/cloudposse/terraform-aws-iam-role"
  - name: "terraform-aws-iam-chamber-s3-role"
    description: "Terraform module to provision an IAM role with configurable permissions to access S3 as a chamber backend."
    url: "https://github.com/cloudposse/terraform-aws-iam-chamber-s3-role"

# Short description of this project
description: |-
  Terraform module to aggregate multiple IAM policy documents into a single policy document.
  # NOTE: This module is now deprecated due to new functionality in the Terraform AWS Provider. See below for migration steps.

  Now that the AWS provider supports the `override_policy_documents` argument on the `aws_iam_policy_document` data source, this module is no longer necessary. All code using this module can be migrated to use the `aws_iam_policy_document` data source natively by making the following change:

  ```hcl
  # Previous module usage:
  module "aggregated_policy" {
    source  = "cloudposse/iam-policy-document-aggregator/aws"
    version = "0.8.0"

    source_documents = [
      data.aws_iam_policy_document.base.json,
      data.aws_iam_policy_document.resource_full_access.json
    ]
  }
  ```

  Replace the above with:

  ```hcl
  data "aws_iam_policy_document" "aggregated" {
    override_policy_documents = [
      data.aws_iam_policy_document.base.json,
      data.aws_iam_policy_document.resource_full_access.json
    ]
  }
  ```

  Then update your references to `module.aggregated_policy.result_document` to `data.aws_iam_policy_document.aggregated.json`.

  Note that `override_policy_documents` merges by `sid`: a statement with a non-blank `sid` replaces any earlier statement with the same `sid` (from an earlier document in the list, or from `source_policy_documents`), while statements without a `sid` are all kept. The two documents above use distinct `sid`s, so the result is the plain union. If your documents reuse a `sid`, the later document wins silently, which can drop a statement or widen its `resources`; review the merged `json` output after migrating, or pass documents that must never override each other through `source_policy_documents`, which rejects duplicate `sid`s with an error instead.

  Please see the discussion in #31 for further details.
# How to use this project
usage: |-
  For a complete example, see [examples/complete](examples/complete).

  For automated tests of the complete example using [bats](https://github.com/bats-core/bats-core) and [Terratest](https://github.com/gruntwork-io/terratest) (which tests and deploys the example on AWS), see [test](test).

  This example creates a single IAM policy document from multiple IAM policy documents.

  ```hcl
  data "aws_iam_policy_document" "resource_full_access" {
    statement {
      sid    = "FullAccess"
      effect = "Allow"
      # The bucket-level actions below (s3:ListBucket, s3:ListBucketMultipartUploads,
      # s3:GetBucketLocation) only match the bucket ARN, while the object actions
      # match the object prefix, so both resources are needed for every listed
      # action to be granted.
      resources = [
        "arn:aws:s3:::bucketname",
        "arn:aws:s3:::bucketname/path/*"
      ]
      actions = [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:GetBucketLocation",
        "s3:AbortMultipartUpload"
      ]
    }
  }

  data "aws_iam_policy_document" "base" {
    statement {
      sid    = "BaseAccess"
      effect = "Allow"
      # "*" allows listing every bucket in the account; narrow this to the
      # buckets you actually need in real use.
      resources = ["*"]
      actions = [
        "s3:ListBucket",
        "s3:ListBucketVersions"
      ]
    }
  }

  module "aggregated_policy" {
    source = "cloudposse/iam-policy-document-aggregator/aws"
    # Cloud Posse recommends pinning every module to a specific version
    # version = "x.x.x"

    source_documents = [
      data.aws_iam_policy_document.base.json,
      data.aws_iam_policy_document.resource_full_access.json
    ]
  }
  ```

  ### Additional Examples

  The [`example`](./example) directory contains the example.
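  The following is an added example, not code from this module or its examples. It replicates, in Python, the `sid`-based merge rule the Terraform AWS provider documents for `override_policy_documents` (a statement with a non-blank `Sid` replaces any earlier statement with the same `Sid`; statements without a `Sid` are all kept) and turns it into a pre-migration check: it reports `Sid` collisions across the documents you are about to aggregate and lists the `(action, resource)` pairs an override silently adds. The three input documents are constructed inline; the first two mirror the `base` and `resource_full_access` data sources above, and the third is a hypothetical document that reuses the `Sid` `FullAccess` on every resource. Output statement order is this script's choice, not something the provider guarantees.

  ```python
  """Pre-merge check for aws_iam_policy_document override_policy_documents.

  Added example, not code from this module. Replicates the merge rule the
  Terraform AWS provider documents for override_policy_documents: a statement
  with a non-blank Sid replaces any earlier statement with the same Sid, and
  statements without a Sid are all kept. Output statement order is this
  script's choice, not a provider guarantee.
  """
  import json
  from typing import Dict, List, Set, Tuple

  # Constructed inputs, equivalent to the .json outputs of the two data
  # sources in the usage example above.
  BASE = json.dumps({"Version": "2012-10-17", "Statement": [{
      "Sid": "BaseAccess", "Effect": "Allow",
      "Action": ["s3:ListBucket", "s3:ListBucketVersions"], "Resource": "*"}]})

  RESOURCE_FULL_ACCESS = json.dumps({"Version": "2012-10-17", "Statement": [{
      "Sid": "FullAccess", "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::bucketname/path/*"}]})

  # Constructed (hypothetical): reuses the Sid "FullAccess" on every resource.
  # Listed last, it silently replaces the prefix-scoped statement above.
  COLLIDING = json.dumps({"Version": "2012-10-17", "Statement": [{
      "Sid": "FullAccess", "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "*"}]})


  def _statements(doc_json: str) -> List[dict]:
      stmts = json.loads(doc_json).get("Statement", [])
      return stmts if isinstance(stmts, list) else [stmts]  # single-object form


  def merge_override(documents: List[str]) -> dict:
      """Merge like override_policy_documents: a later same-Sid statement wins."""
      merged: List[dict] = []
      index_of: Dict[str, int] = {}
      for doc in documents:
          for stmt in _statements(doc):
              sid = stmt.get("Sid", "")
              if sid and sid in index_of:
                  merged[index_of[sid]] = stmt  # override in place
                  continue
              if sid:
                  index_of[sid] = len(merged)
              merged.append(stmt)
      return {"Version": "2012-10-17", "Statement": merged}


  def sid_collisions(documents: List[str]) -> Dict[str, List[int]]:
      """Sids defined more than once, mapped to the indexes of the documents
      defining them. Non-empty means override_policy_documents will replace
      statements and source_policy_documents would reject the input."""
      seen: Dict[str, List[int]] = {}
      for i, doc in enumerate(documents):
          for stmt in _statements(doc):
              sid = stmt.get("Sid", "")
              if sid:
                  seen.setdefault(sid, []).append(i)
      return {sid: idxs for sid, idxs in seen.items() if len(idxs) > 1}


  def _grants(stmt: dict) -> Set[Tuple[str, str]]:
      # Only Action/Resource are compared; NotAction, NotResource and
      # Condition are ignored by this check.
      actions = stmt.get("Action", [])
      resources = stmt.get("Resource", [])
      actions = [actions] if isinstance(actions, str) else actions
      resources = [resources] if isinstance(resources, str) else resources
      return {(a, r) for a in actions for r in resources}


  def widened_grants(documents: List[str]) -> Dict[str, Set[Tuple[str, str]]]:
      """Per colliding Sid, the (action, resource) pairs the surviving statement
      grants that the first definition did not: what the override added."""
      first: Dict[str, dict] = {}
      for doc in documents:
          for stmt in _statements(doc):
              sid = stmt.get("Sid", "")
              if sid and sid not in first:
                  first[sid] = stmt
      final = {s["Sid"]: s for s in merge_override(documents)["Statement"]
               if s.get("Sid")}
      return {sid: _grants(final[sid]) - _grants(first[sid])
              for sid in sid_collisions(documents)}


  if __name__ == "__main__":
      docs = [BASE, RESOURCE_FULL_ACCESS, COLLIDING]
      print("sid collisions:", sid_collisions(docs))
      print("widened grants:", widened_grants(docs))
      print(json.dumps(merge_override(docs), indent=2))
  ```

  Run it against the real inputs by replacing the constructed strings with the `json` attributes you get from `terraform console` (for example `data.aws_iam_policy_document.base.json`). An empty `sid_collisions` result means the migration to `override_policy_documents` produces the plain union the module produced for these documents; anything else should be reviewed, or the documents moved to `source_policy_documents`.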
include:
  - "docs/terraform.md"

# Contributors to this project
contributors:
  - name: "Igor Rodionov"
    github: "goruha"
  - name: "Maxim Mironenko"
    github: "maximmi"
  - name: "Erik Osterman"
    github: "osterman"
  - name: "Andriy Knysh"
    github: "aknysh"