github.com/nathanielks/terraform@v0.6.1-0.20170509030759-13e1a62319dc/website/source/docs/providers/aws/r/iam_role.html.markdown

---
layout: "aws"
page_title: "AWS: aws_iam_role"
sidebar_current: "docs-aws-resource-iam-role"
description: |-
  Provides an IAM role.
---

# aws\_iam\_role

Provides an IAM role.

## Example Usage

```hcl
resource "aws_iam_role" "test_role" {
  name = "test_role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Optional, Forces new resource) The name of the role. If omitted, Terraform will assign a random, unique name.
* `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`.
* `assume_role_policy` - (Required) The policy that grants an entity permission to assume the role.

~> **NOTE:** The `assume_role_policy` is very similar to, but slightly different from, a standard IAM policy and cannot use an `aws_iam_policy` resource. It _can_, however, use an `aws_iam_policy_document` [data source](https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html); see the example below for how this could work.

* `path` - (Optional) The path to the role.
  See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
* `description` - (Optional) The description of the role.

## Attributes Reference

The following attributes are exported:

* `arn` - The Amazon Resource Name (ARN) specifying the role.
* `create_date` - The creation date of the IAM role.
* `unique_id` - The stable and unique string identifying the role.
* `name` - The name of the role.
* `description` - The description of the role.

## Example of Using Data Source for Assume Role Policy

```hcl
data "aws_iam_policy_document" "instance-assume-role-policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "instance" {
  name               = "instance_role"
  path               = "/system/"
  assume_role_policy = "${data.aws_iam_policy_document.instance-assume-role-policy.json}"
}
```
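
The note in the Argument Reference says an `assume_role_policy` differs slightly from a standard IAM policy: each statement names a `Principal` and carries no `Resource`. The following pre-apply check is an added example, not part of the Terraform documentation or the AWS provider; `lint_trust_policy` and the two constructed sample documents are hypothetical, and expecting only `sts:` actions is a simplifying assumption.

```python
import json

# Trust policy copied from "Example Usage" above.
EC2_TRUST = """{"Version": "2012-10-17", "Statement": [{"Action": "sts:AssumeRole",
  "Principal": {"Service": "ec2.amazonaws.com"}, "Effect": "Allow", "Sid": ""}]}"""

# Constructed sample: shaped like a standard IAM policy (Resource, no Principal).
STANDARD_POLICY = """{"Version": "2012-10-17", "Statement": [{"Action": "s3:GetObject",
  "Resource": "*", "Effect": "Allow"}]}"""

# Constructed sample: trust policy shape, but the principal is a wildcard.
OPEN_TRUST = """{"Version": "2012-10-17", "Statement": [{"Action": "sts:AssumeRole",
  "Principal": {"AWS": "*"}, "Effect": "Allow"}]}"""


def as_list(value):
    """IAM accepts a single value or a list for most elements; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_wildcard(principal):
    """True for "Principal": "*" or a "*" entry under any principal type."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False


def lint_trust_policy(policy_json):
    """Return findings; an empty list means the document is shaped like a trust policy."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if "Principal" not in stmt and "NotPrincipal" not in stmt:
            findings.append(f"statement {i}: no Principal element")
        if "Resource" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: Resource element is not accepted")
        for action in as_list(stmt.get("Action")):
            # Assumption of this example: trust policies only carry sts: actions.
            if not action.lower().startswith("sts:"):
                findings.append(f"statement {i}: unexpected action {action}")
        if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                and is_wildcard(stmt.get("Principal"))):
            findings.append(f"statement {i}: wildcard Principal with no Condition")
    return findings


if __name__ == "__main__":
    for name, doc in [("ec2", EC2_TRUST), ("standard", STANDARD_POLICY), ("open", OPEN_TRUST)]:
        print(name, lint_trust_policy(doc) or "ok")
```

The same function can be run over the rendered `json` attribute of an `aws_iam_policy_document` data source before the role is created.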

## Import

IAM Roles can be imported using the `name`, e.g.

```
$ terraform import aws_iam_role.developer developer_name
```