github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/website/source/docs/providers/aws/r/iam_role.html.markdown

---
layout: "aws"
page_title: "AWS: aws_iam_role"
sidebar_current: "docs-aws-resource-iam-role"
description: |-
  Provides an IAM role.
---

# aws\_iam\_role

Provides an IAM role.

## Example Usage

```hcl
resource "aws_iam_role" "test_role" {
  name = "test_role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Optional, Forces new resource) The name of the role. If omitted, Terraform will assign a random, unique name.
* `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`.
* `assume_role_policy` - (Required) The policy that grants an entity permission to assume the role.
* `path` - (Optional) The path to the role.
  See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.

~> **NOTE:** This `assume_role_policy` is very similar to, but slightly different from, a standard IAM policy and cannot use an `aws_iam_policy` resource. It _can_, however, use an `aws_iam_policy_document` [data source](https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html); see the example below for how this could work.
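
The difference the note refers to can be checked before `terraform apply`: a trust policy names a `Principal` and carries no `Resource`, the reverse of an identity-based policy. The Python check below is an added example, not part of the Terraform documentation or provider; `check_trust_policy` and the sample documents are hypothetical and constructed here.

```python
import json

BASE = {"Effect": "Allow", "Action": "sts:AssumeRole"}

def _doc(**fields):
    """Build a constructed one-statement policy document (sample input)."""
    return json.dumps({"Version": "2012-10-17", "Statement": [dict(BASE, **fields)]})

# Constructed samples for illustration.
TRUST_OK = _doc(Principal={"Service": "ec2.amazonaws.com"})  # same shape as the page's example
IDENTITY_STYLE = _doc(Resource="*")      # identity-policy shape: Resource, no Principal
WILDCARD = _doc(Principal={"AWS": "*"})  # any AWS principal, nothing narrowing it

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust_policy(document):
    """Return findings for an assume-role (trust) policy given as a JSON string."""
    findings = []
    statements = _as_list(json.loads(document).get("Statement", []))
    for i, stmt in enumerate(statements):
        # Trust policies are attached to the role itself, so Resource is rejected.
        if "Resource" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: Resource is not allowed in a trust policy")
        principal = stmt.get("Principal")
        if principal is None:
            if "NotPrincipal" not in stmt:
                findings.append(f"statement {i}: missing Principal")
            continue
        actions = _as_list(stmt.get("Action", []))
        if not all(a.lower().startswith("sts:") for a in actions):
            findings.append(f"statement {i}: Action outside the sts: namespace")
        # An Allow for "*" with no Condition lets any principal assume the role.
        if stmt.get("Effect") == "Allow" and "Condition" not in stmt:
            values = [principal] if isinstance(principal, str) else [
                v for ids in principal.values() for v in _as_list(ids)]
            if "*" in values:
                findings.append(f"statement {i}: wildcard principal with no Condition")
    return findings

if __name__ == "__main__":
    for name in ("TRUST_OK", "IDENTITY_STYLE", "WILDCARD"):
        print(name, check_trust_policy(globals()[name]))
```

Run it over the rendered `assume_role_policy` JSON; an empty list means none of these problems were found.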

## Attributes Reference

The following attributes are exported:

* `arn` - The Amazon Resource Name (ARN) specifying the role.
* `create_date` - The creation date of the IAM role.
* `unique_id` - The stable and unique string identifying the role.
* `name` - The name of the role.

## Example of Using Data Source for Assume Role Policy

```hcl
data "aws_iam_policy_document" "instance-assume-role-policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "instance" {
  name               = "instance_role"
  path               = "/system/"
  assume_role_policy = "${data.aws_iam_policy_document.instance-assume-role-policy.json}"
}
```

## Import

IAM Roles can be imported using the `name`, e.g.

```
$ terraform import aws_iam_role.developer developer_name
```