Added iam policy (#15)

52656bbc · Ramakanta Routray · Anton Babenko · d62678bc · 52656bbc · 52656bbc
Commit 52656bbc authored Feb 19, 2019 by Ramakanta Routray Committed by Anton Babenko Feb 19, 2019
9 changed files
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@ These types of resources are supported:
 * [IAM user login profile](https://www.terraform.io/docs/providers/aws/r/iam_user_login_profile.html)
 * [IAM group](https://www.terraform.io/docs/providers/aws/r/iam_group.html)
 * [IAM role](https://www.terraform.io/docs/providers/aws/r/iam_role.html)
+* [IAM policy](https://www.terraform.io/docs/providers/aws/r/iam_policy.html)
 * [IAM access key](https://www.terraform.io/docs/providers/aws/r/iam_access_key.html)
 * [IAM SSH public key](https://www.terraform.io/docs/providers/aws/r/iam_user_ssh_key.html)

@@ -60,6 +61,20 @@ module "iam_user" {
 }
 ```

+`iam-policy`:
+```hcl
+module "iam_policy" {
+  source = "terraform-aws-modules/iam/aws//modules/iam-policy"
+
+  name = "example"
+  path = "/"
+  description = "My example policy"
+
+  policy ="path/to/policy_file"
+  }
+}
+```
+
 `iam-group-with-assumable-roles-policy`:
 ```hcl
 # todo
@@ -97,12 +112,17 @@ Terraform can't configure MFA for the user. It is only possible via [AWS Console

 [iam-assumable-roles module](https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/modules/iam-assumable-roles) can be configured to require valid MFA token when different roles are assumed (for example, admin role requires MFA, but readonly - does not).

+### Create IAM Policies
+
+Use [iam-policy module](https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/modules/iam-policy) module to manage IAM policy.
+
 ## Examples

 * [complete](https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/modules/complete) - Create all required resources to allow one group of users to assume privileged role, while another group of users can only assume readonly role.
 * [iam-account](https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/examples/iam-account) - Set AWS account alias and password policy
 * [iam-assumable-roles](https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/examples/iam-assumable-roles) - Create IAM roles which can be assumed from specified ARNs (AWS accounts, IAM users, etc)
 * [iam-user](https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/examples/iam-user) - Add IAM user, login profile and access keys
+* [iam-policy](https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/examples/iam-policy) - Create IAM policy

 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

--- a/examples/iam-policy/README.md
+++ b/examples/iam-policy/README.md
+# IAM user example
+
+Configuration in this directory creates IAM policy.
+
+# Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| id | The policy's ID |
+| arn | The ARN assigned by AWS to this policy |
+| description | The description of the policy |
+| name | The name of the policy |
+| path | The path of the policy in IAM |
+| policy | The policy document |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
--- a/examples/iam-policy/main.tf
+++ b/examples/iam-policy/main.tf
+provider "aws" {
+  region = "eu-west-1"
+}
+
+#########################################
+# IAM policy
+#########################################
+module "iam_policy" {
+  source = "../../modules/iam-policy"
+
+  name = "example"
+  path = "/"
+  description = "My example policy"
+
+  policy ="./policy.tpl"
+  }
--- a/examples/iam-policy/outputs.tf
+++ b/examples/iam-policy/outputs.tf
+output "id" {
+  description = "The policy's ID"
+  value = "${module.iam_policy.id}"
+}
+
+output "arn" {
+  description = "The ARN assigned by AWS to this policy"
+  value = "${module.iam_policy.arn}"
+}
+
+output "description" {
+  description = "The description of the policy"
+  value = "${module.iam_policy.description}"
+}
+
+output "name" {
+  description = "The name of the policy"
+  value = "${module.iam_policy.name}"
+}
+
+output "path" {
+  description = "The path of the policy in IAM"
+  value = "${module.iam_policy.path}"
+}
+
+output "policy" {
+  description = "The policy document"
+  value = "${module.iam_policy.policy}"
+}
--- a/examples/iam-policy/policy.tpl
+++ b/examples/iam-policy/policy.tpl
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "ec2:Describe*"
+      ],
+      "Effect": "Allow",
+      "Resource": "*"
+    }
+  ]
+}
--- a/modules/iam-policy/README.md
+++ b/modules/iam-policy/README.md
+# iam-policy
+
+Creates IAM policy.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| name | The name of the policy | string | `` | no |
+| path | The path of the policy in IAM | string | `/` | no |
+| description | The description of the policy | string | `IAM Policy` | no |
+| policy | The path of the policy in IAM (tpl file) | string | `` | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| id | The policy's ID |
+| arn | The ARN assigned by AWS to this policy |
+| description | The description of the policy |
+| name | The name of the policy |
+| path | The path of the policy in IAM |
+| policy | The policy document |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
--- a/modules/iam-policy/main.tf
+++ b/modules/iam-policy/main.tf
+
+data "template_file" "policy" {
+    template = "${file("${var.policy}")}"
+}
+
+resource "aws_iam_policy" "policy" {
+  name        = "${var.name}"
+  path        = "${var.path}"
+  description = "${var.description}"
+
+  policy = "${data.template_file.policy.rendered}"
+}
--- a/modules/iam-policy/outputs.tf
+++ b/modules/iam-policy/outputs.tf
+output "id" {
+  description = "The policy's ID"
+  value = "${aws_iam_policy.policy.id}"
+}
+
+output "arn" {
+  description = "The ARN assigned by AWS to this policy"
+  value = "${aws_iam_policy.policy.arn}"
+}
+
+output "description" {
+  description = "The description of the policy"
+  value = "${aws_iam_policy.policy.description}"
+}
+
+output "name" {
+  description = "The name of the policy"
+  value = "${aws_iam_policy.policy.name}"
+}
+
+output "path" {
+  description = "The path of the policy in IAM"
+  value = "${aws_iam_policy.policy.path}"
+}
+
+output "policy" {
+  description = "The policy document"
+  value = "${aws_iam_policy.policy.policy}"
+}
--- a/modules/iam-policy/variables.tf
+++ b/modules/iam-policy/variables.tf
+variable "name" {
+  description = "The name of the policy"
+  type = "string"
+  default = ""
+}
+
+variable "path" {
+  description = "The path of the policy in IAM"
+  type = "string"
+  default = "/"
+}
+
+variable "description" {
+  description = "The description of the policy"
+  default = "IAM Policy"
+}
+
+variable "policy" {
+  description = "The path of the policy in IAM (tpl file)"
+  type = "string"
+  default = ""
+}