Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/amazon-web-services/13.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services 地形:将aws_iam_角色与aws_iam_策略关联_Amazon Web Services_Amazon Iam_Terraform - Fatal编程技术网
Fatal编程技术网

Amazon web services 地形:将aws_iam_角色与aws_iam_策略关联

amazon-web-services terraform

Amazon web services 地形:将aws_iam_角色与aws_iam_策略关联,amazon-web-services,amazon-iam,terraform,Amazon Web Services,Amazon Iam,Terraform,通读并很难了解如何将aws_iam_角色与aws_iam_策略关联。显然有aws\u iam\u role\u policy,但这只允许为特定角色制定“内联策略” 有什么建议吗?按照以下步骤操作: 步骤1)创建要与aws角色关联的策略 步骤2)创建aws角色,如下所示: i. Set role name. ii. Set role type according to your preference. iii. Attach the policy which you have created

通读并很难了解如何将
aws_iam_角色
aws_iam_策略
关联。显然有
aws\u iam\u role\u policy
,但这只允许为特定角色制定“内联策略”

有什么建议吗?

按照以下步骤操作:

步骤1)创建要与aws角色关联的策略

步骤2)创建aws角色,如下所示:

i. Set role name.

ii. Set role type according to your preference.

iii. Attach the policy which you have created in step1.

iv. Review and create the role.
希望有帮助……

允许在IAM策略和各种其他IAM对象之间创建连接

例如:

resource "aws_iam_role" "foo" {
    name = "example-role"
}

resource "aws_iam_policy" "foo" {
    name = "example-policy"
    description = "An example policy"
    policy = "..."
}

resource "aws_iam_policy_attachment" "foo" {
    name = "example-attachment"
    policy_arn = "${aws_iam_policy.foo.arn}"
    roles = ["${aws_iam_role.foo.name}"]
}
策略也可以附加到用户和组,如Terraform文档页面所示。

我要做的是创建一个角色和策略,然后附加它们,如Martin Atkins的回答所示

resource "aws_iam_role" "context-builder-role" {
  name = "context-builder-role-${terraform.workspace}"

  assume_role_policy = <<EOF
{
     "Version": "2012-10-17",
     "Statement": [
       {
         "Action": "sts:AssumeRole",
         "Principal": {
         "Service": "lambda.amazonaws.com"
       },
         "Effect": "Allow",
         "Sid": ""
       }
     ]
}
EOF
}

resource "aws_iam_policy" "arm_cfs_sqs_queue_policy" {

  name = "starmine-inline-policy-${terraform.workspace}"

  policy = <<EOF
{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Action": [
               "logs:CreateLogGroup",
               "logs:CreateLogStream",
               "logs:PutLogEvents"
           ],
           "Resource": "arn:aws:logs:*:*:*"
       },
       {
           "Action": [
               "sqs:SendMessage",
               "sqs:GetQueueUrl",
               "sqs:DeleteMessage"
           ],
           "Effect": "Allow",
           "Resource": "arn:aws:sqs:*"
       }
   ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "inline-policy-attach" {
  role       = aws_iam_role.context-builder-role.name
  policy_arn = aws_iam_policy.arm_cfs_sqs_queue_policy.arn
}
谢谢你的回复。有没有办法在地形中指定这一点? 
resource "aws_iam_role_policy_attachment" "s3-read-only-attach" {
  role       = aws_iam_role.context-builder-role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
}