mirror of
https://github.com/opentffoundation/opentf.git
synced 2026-03-08 04:02:25 -04:00
36d0e6690d
In this example, principal "AWS": "*" tells IAM that any user in the world can assume that role as long as they know the account ID + role name. In my testing, "Service": "ec2.amazonaws.com" is sufficiently permissive to allow the instance_profile to work without allowing global accesses.
1.6 KiB
1.6 KiB
layout, page_title, sidebar_current, description
| layout | page_title | sidebar_current | description |
|---|---|---|---|
| aws | AWS: aws_iam_instance_profile | docs-aws-resource-iam-instance-profile | Provides an IAM instance profile. |
aws_iam_instance_profile
Provides an IAM instance profile.
Example Usage
resource "aws_iam_instance_profile" "test_profile" {
name = "test_profile"
roles = ["${aws_iam_role.role.name}"]
}
resource "aws_iam_role" "role" {
name = "test_role"
path = "/"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
Argument Reference
The following arguments are supported:
name- (Optional, Forces new resource) The profile's name.name_prefix- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts withname.path- (Optional, default "/") Path in which to create the profile.roles- (Required) A list of role names to include in the profile.
Attribute Reference
-
id- The instance profile's ID. -
arn- The ARN assigned by AWS to the instance profile. -
create_date- The creation timestamp of the instance profile. -
name- The instance profile's name. -
path- The path of the instance profile in IAM. -
roles- The list of roles assigned to the instance profile. -
unique_id- The unique ID assigned by AWS.