aws_iam_policy, single resource, multiple data documents
347 views
Skip to first unread message
Duane Haas
Jun 28, 2017, 10:35:58 PM6/28/17
to Terraform
I have the following main.tf:
my issue is with main.tf, i'm unsure how to iterate through each of the different template files. right now it iterates through and creates several policies all based on "${data.template_file.network_assume.rendered}" i want it to not only run an iteration based on that, but all other template file names inside the data document. also need like a list or map of the different data.templates to cycle through, just now sure how to make it work.
#Role that gets created in in identity account that okta uses to map AD groups to Roles in AWS
resource "aws_iam_role" "create_identity_role" {
count = "${length(var.team_name)}"
name = "${lookup(var.identity_role_name,element(var.team_name, count.index))}"
assume_role_policy = "${data.aws_iam_policy_document.trustokta.json}"
}
#Role that gets created in each of the accounts that will determine what it is a user will be able to do inside AWS
resource "aws_iam_role" "create_assume_role" {
count = "${length(var.team_name)}"
name = "${lookup(var.assume_role_name,element(var.team_name, count.index))}"
assume_role_policy = "${data.aws_iam_policy_document.trustawsaccount.json}"
}
#Policy that gets created in the identity account which tells AWS which role to assume in a different account
resource "aws_iam_policy" "create_assume_policy" {
count = "${length(var.team_name)}"
name = "${lookup(var.assume_role_name,element(var.team_name, count.index))}"
policy = "${data.template_file.network_assume.rendered}"
}
#Tie my role and policies together
resource "aws_iam_role_policy_attachment" "attach_assume_policy" {
count = "${length(var.team_name)}"
role = "${lookup(var.assume_role_name,element(var.team_name, count.index))}"
policy_arn = "${element(aws_iam_policy.create_assume_policy.*.arn, count.index)}"
}
My policy document looks like:
data "template_file" "platform_assume" {
template = "${file("../policy_documents/identity/platform_assume.tpl")}"
}
data "template_file" "network_assume" {
template = "${file("../policy_documents/identity/network_assume.tpl")}"
}
data "template_file" "workstation_assume" {
template = "${file("../policy_documents/identity/workstation_assume.tpl")}"
}
data "template_file" "tradeops_assume" {
template = "${file("../policy_documents/identity/tradeops_assume.tpl")}"
}
data "template_file" "investments_assume" {
template = "${file("../policy_documents/identity/investments_assume.tpl")}"
}
data "template_file" "marketingdist_assume" {
template = "${file("../policy_documents/identity/marketingdist_assume.tpl")}"
}
my issue is with main.tf, i'm unsure how to iterate through each of the different template files. right now it iterates through and creates several policies all based on "${data.template_file.network_assume.rendered}" i want it to not only run an iteration based on that, but all other template file names inside the data document. also need like a list or map of the different data.templates to cycle through, just now sure how to make it work.
Reply all
Reply to author
Forward
0 new messages