github.com/nevins-b/terraform@v0.3.8-0.20170215184714-bbae22007d5a/website/source/docs/providers/aws/r/iam_role.html.markdown (about)

---
layout: "aws"
page_title: "AWS: aws_iam_role"
sidebar_current: "docs-aws-resource-iam-role"
description: |-
  Provides an IAM role.
---

# aws\_iam\_role

Provides an IAM role.

## Example Usage

```
resource "aws_iam_role" "test_role" {
    name = "test_role"
    assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Optional, Forces new resource) The name of the role.
* `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`.
* `assume_role_policy` - (Required) The policy that grants an entity permission to assume the role.

~> **NOTE:** This `assume_role_policy` is very similar to, but slightly different from, a standard IAM policy and cannot use an `aws_iam_policy` resource. It _can_, however, use an `aws_iam_policy_document` [data source](https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html); see the example below for how this could work.

* `path` - (Optional) The path to the role.
  See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
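
The difference the note above describes is one of shape: a trust policy names a `Principal` and carries no `Resource`, the reverse of an identity policy. The following Python check is an added example, not part of the Terraform documentation or the AWS provider; `lint_trust_policy`, `_as_list` and `EC2_TRUST` are hypothetical names, and the sample document is the trust policy from the Example Usage section.

```python
import json

# Sample input: the trust policy from the Example Usage section of this page.
EC2_TRUST = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Action": "sts:AssumeRole", "Effect": "Allow", "Sid": "",
     "Principal": {"Service": "ec2.amazonaws.com"}}
  ]
}"""

def _as_list(value):
    """IAM accepts a single value or a list in most positions."""
    return value if isinstance(value, list) else [value]

def lint_trust_policy(policy_json):
    """Return a list of findings; an empty list means the shape is acceptable."""
    findings = []
    doc = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(doc.get("Statement", []))):
        where = "Statement[%d]" % i
        # A trust policy states who may assume the role, so Principal is mandatory.
        if "Principal" not in stmt and "NotPrincipal" not in stmt:
            findings.append(where + ": missing Principal")
        # The role itself is the resource; IAM rejects a Resource element here.
        if "Resource" in stmt:
            findings.append(where + ": Resource is not allowed in a trust policy")
        # A trust policy governs STS assume-role calls; any other action
        # suggests an identity policy was pasted in by mistake.
        for action in _as_list(stmt.get("Action", [])):
            if not action.lower().startswith("sts:"):
                findings.append(where + ": non-STS action " + action)
        # Flag an Allow statement that trusts every principal unconditionally.
        principal = stmt.get("Principal")
        values = [principal] if isinstance(principal, str) else [
            v for vals in (principal or {}).values() for v in _as_list(vals)]
        if stmt.get("Effect") == "Allow" and "*" in values and "Condition" not in stmt:
            findings.append(where + ": wildcard principal without Condition")
    return findings
```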

## Attributes Reference

The following attributes are exported:

* `arn` - The Amazon Resource Name (ARN) specifying the role.
* `create_date` - The creation date of the IAM role.
* `unique_id` - The stable and unique string identifying the role.

## Example of Using Data Source for Assume Role Policy

```
data "aws_iam_policy_document" "instance-assume-role-policy" {
  statement {
    actions = [ "sts:AssumeRole" ]

    principals {
      type = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "instance" {
  name = "instance_role"
  path = "/system/"
  assume_role_policy = "${data.aws_iam_policy_document.instance-assume-role-policy.json}"
}
```

## Import

IAM Roles can be imported using the `name`, e.g.

```
$ terraform import aws_iam_role.developer developer_name
```