aws.iam-role-policy resource
Description
RolePolicy manages an inline policy embedded in an IAM role. The role name and policy name together form the identity, so changing either one identifies a different policy and causes this one to be recreated; the policy document is the permission set and is updated in place. A single PutRolePolicy call both creates and overwrites the named policy, so Create and Update share it.
IAM validates the role name (1-128 characters, the set [\w+=,.@-], and the role's name rather than its ARN) and the policy name (1-128 characters, the set [\w+=,.@-]). These are left to IAM rather than declared as constraints: the character-set rule needs a regex match the constraint vocabulary cannot express, the length bound counts bytes where IAM counts characters, and the "name not ARN" rule has no field to branch on.
Source: internal/service/iam/role_policy_rsrc.go:28
Example usage:
imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}
resources: {
  example: aws.iam-role-policy {
    # Set input fields here.
  }
}
Inputs
role-name (string)
policy-name (string)
policy-document (string)
Input Constraints
This kind declares no extra input constraints.
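Because the name rules are left to IAM, a malformed role or policy name only surfaces when PutRolePolicy is called. The following is an added example, not code from the library: a pre-flight check in Go that applies the rules quoted in the description. The helper names `CheckRolePolicyNames` and `checkName`, the `arn:` prefix test, and the sample values are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"unicode/utf8"
)

// Character set quoted on the page for both names. Go's \w is ASCII-only.
var nameChars = regexp.MustCompile(`^[\w+=,.@-]+$`)

// checkName applies the 1-128 bound and the character set to one field.
// Length is counted in characters (runes), not bytes.
func checkName(field, v string) []string {
	var problems []string
	if n := utf8.RuneCountInString(v); n < 1 || n > 128 {
		problems = append(problems, fmt.Sprintf("%s: %d characters, want 1-128", field, n))
	}
	if v != "" && !nameChars.MatchString(v) {
		problems = append(problems, field+": character outside [\\w+=,.@-]")
	}
	return problems
}

// CheckRolePolicyNames is a hypothetical pre-flight helper (an assumption of
// this example, not a library function). It returns one message per problem.
func CheckRolePolicyNames(roleName, policyName string) []string {
	var problems []string
	if strings.HasPrefix(roleName, "arn:") {
		// An ARN would also fail the character set (':' and '/'), but this
		// message tells the operator what to pass instead.
		problems = append(problems, "role-name: looks like an ARN, pass the role's name")
	} else {
		problems = append(problems, checkName("role-name", roleName)...)
	}
	return append(problems, checkName("policy-name", policyName)...)
}

func main() {
	// Constructed sample inputs; the account ID is a placeholder.
	samples := [][2]string{
		{"app-role", "s3-read"},
		{"arn:aws:iam::123456789012:role/app-role", "s3-read"},
		{"app-role", "s3 read"},
	}
	for _, s := range samples {
		fmt.Printf("%q / %q -> %q\n", s[0], s[1], CheckRolePolicyNames(s[0], s[1]))
	}
}
```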
Outputs
role-name (string)
policy-name (string)
policy-document (string)