Swap deprecated inline_policy block for aws_iam_role_policy, fix example
conzy committed Dec 12, 2024
1 parent 7451536 commit fd032a3
Showing 3 changed files with 9 additions and 10 deletions.
2 changes: 1 addition & 1 deletion examples/complete/main.tf
Expand Up @@ -31,6 +31,6 @@ data "aws_iam_policy_document" "example" {
statement {
actions = ["s3:GetObject"]
effect = "Allow"
resources = ["dynamodb:CreateTable"]
resources = ["arn:aws:s3:::amzn-s3-demo-bucket/*"]
}
}
4 changes: 2 additions & 2 deletions examples/complete/variables.tf
Expand Up @@ -40,9 +40,9 @@ variable "enabled" {
}

variable "enterprise_slug" {
default = false
default = ""
description = "Enterprise slug for GitHub Enterprise Cloud customers."
type = bool
type = string
}

variable "force_detach_policies" {
13 changes: 6 additions & 7 deletions main.tf
Expand Up @@ -32,14 +32,13 @@ resource "aws_iam_role" "github" {
permissions_boundary = var.iam_role_permissions_boundary
tags = var.tags

dynamic "inline_policy" {
for_each = var.iam_role_inline_policies
}

content {
name = inline_policy.key
policy = inline_policy.value
}
}
resource "aws_iam_role_policy" "inline_policies" {
for_each = { for k, v in var.iam_role_inline_policies : k => v if var.enabled }
name = each.key
policy = each.value
role = aws_iam_role.github[0].id
}

resource "aws_iam_role_policy_attachment" "admin" {
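Review bot: The standalone `aws_iam_role_policy.inline_policies` resources no longer give Terraform exclusive ownership of the role's inline policies, which the `inline_policy` blocks did whenever at least one was configured. An inline policy attached to `aws_iam_role.github` outside Terraform will now survive every apply unnoticed, so out-of-band privilege additions on this role stop being reverted. If the provider version constraint allows it (not visible in this hunk), pair the new resource with an `aws_iam_role_policies_exclusive` resource on the same role, with `policy_names = [for p in aws_iam_role_policy.inline_policies : p.name]`, gated on `var.enabled` like the role. It would also help to add a comment above the new resource, such as `# Inline policies are managed per key; policies added outside Terraform are not removed.`, and to mention in the changelog that existing deployments will probably plan a remove-and-recreate of their inline policies on upgrade.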
