diff --git a/iam-general-policies/README.md b/iam-general-policies/README.md
index d3ccbc2..f2cae30 100644
--- a/iam-general-policies/README.md
+++ b/iam-general-policies/README.md
@@ -30,6 +30,18 @@ module "general_full" {
 }
 ```
 
+# Managed Policies
+This provides a number of AWS manged policies: module.general.managed\_policies[KEY]
+* AdministratorAccess
+* ReadOnlyAccess
+* AmazonVPCFullAccess
+* AWSSupportAccess
+* CloudWatchAWSSupportAccess
+* Billing
+* NetworkAdministrator
+
+Custom Policies
+
 ## Requirements
 
 No requirements.
diff --git a/iam-general-policies/main.tf b/iam-general-policies/main.tf
index d85fac5..9c7166e 100644
--- a/iam-general-policies/main.tf
+++ b/iam-general-policies/main.tf
@@ -30,6 +30,18 @@
 * }
 * }
 * ```
+*
+* # Managed Policies
+* This provides a number of AWS manged policies: module.general.managed_policies[KEY]
+* * AdministratorAccess
+* * ReadOnlyAccess
+* * AmazonVPCFullAccess
+* * AWSSupportAccess
+* * CloudWatchAWSSupportAccess
+* * Billing
+* * NetworkAdministrator
+*
+* Custom Policies
 */
 
 locals {
@@ -79,3 +91,4 @@ resource "aws_iam_policy" "general" {
 # map("Name",format("%vinf-%v", lookup(local._prefixes, "policy", ""), each.value["name"]))
 # )
 }
+
diff --git a/iam-general-policies/managed_policies.tf b/iam-general-policies/managed_policies.tf
index 1b30b40..59c7140 100644
--- a/iam-general-policies/managed_policies.tf
+++ b/iam-general-policies/managed_policies.tf
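Review bot: The header comment added to main.tf in the `-30,6 +30,18` hunk spells "manged" where "managed" is meant, and the same sentence is copied into README.md in this commit. The added line `* Custom Policies` has no heading marker and no text under it, so the generated documentation ends on a bare label; either write it as `* # Custom Policies` with a sentence on what the module's own policies are, or leave it out until that text exists. Because the list includes `AdministratorAccess` next to `ReadOnlyAccess`, a few words on the scope of each key would help a reader choose the narrowest one. The comment block itself opens above the hunk.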
@@ -1,26 +1,12 @@
 locals {
 managed_policies = {
- "AdministratorAccess" = {
- arn = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "AdministratorAccess")
- }
- "ReadOnlyAccess" = {
- arn = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "ReadOnlyAccess")
- }
- "AmazonVPCFullAccess" = {
- arn = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "AmazonVPCFullAccess")
- }
- "AWSSupportAccess" = {
- arn = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "AWSSupportAccess")
- }
- "CloudWatchAWSSupportAccess" = {
- arn = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "CloudWatchAWSSupportAccess")
- }
+ "AdministratorAccess" = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "AdministratorAccess")
+ "ReadOnlyAccess" = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "ReadOnlyAccess")
+ "AmazonVPCFullAccess" = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "AmazonVPCFullAccess")
+ "AWSSupportAccess" = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "AWSSupportAccess")
+ "CloudWatchAWSSupportAccess" = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "CloudWatchAWSSupportAccess")
 
- "Billing" = {
- arn = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "job-function/Billing")
- }
- "NetworkAdministrator" = {
- arn = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "job-function/NetworkAdministrator")
- }
+ "Billing" = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "job-function/Billing")
+ "NetworkAdministrator" = format("arn:%v:iam::aws:policy/%v", data.aws_arn.current.partition, "job-function/NetworkAdministrator")
 }
 }
diff --git a/iam-general-policies/outputs.tf b/iam-general-policies/outputs.tf
index 5afc126..983cc15 100644
--- a/iam-general-policies/outputs.tf
+++ b/iam-general-policies/outputs.tf
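Review bot: The values of `local.managed_policies` change in this hunk from objects with an `arn` attribute to bare ARN strings, and nothing in the file tells existing callers that the shape moved. A reference such as `managed_policies["ReadOnlyAccess"].arn` stops resolving after this change, and a caller that wraps the lookup in `try()` or supplies a default would presumably fall back to some other value instead of failing, which matters when the result feeds a policy attachment. I would add a comment above the map, `# name => ARN string (was name => { arn = ... }); callers must drop the .arn suffix`, and review every consumer of the `managed_policies` output before this is released. `data.aws_arn.current` is declared outside the hunk, so the partition lookup itself cannot be checked from here.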
@@ -1,6 +1,4 @@
-# name = {
-# arn
-# }
+# name = arn
 
 output "managed_policies" {
 description = "AWS Managed Policy name to ARN mapping"