Skip to content

docs: Add IAM role with inline policy example #615

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Aug 27, 2025
Merged

docs: Add IAM role with inline policy example #615

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
82581fd
docs: added iam role inline policy
Kevinwochan Aug 27, 2025
2c002df
docs: added iam inline policy references to README
Kevinwochan Aug 27, 2025
f739f61
fix: Update example, add outputs
bryantbiggs Aug 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions examples/iam-role/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ Run `terraform destroy` when you don't need these resources.
| <a name="module_iam_role_circleci_oidc"></a> [iam\_role\_circleci\_oidc](#module\_iam\_role\_circleci\_oidc) | ../../modules/iam-role | n/a |
| <a name="module_iam_role_disabled"></a> [iam\_role\_disabled](#module\_iam\_role\_disabled) | ../../modules/iam-role | n/a |
| <a name="module_iam_role_github_oidc"></a> [iam\_role\_github\_oidc](#module\_iam\_role\_github\_oidc) | ../../modules/iam-role | n/a |
| <a name="module_iam_role_inline_policy"></a> [iam\_role\_inline\_policy](#module\_iam\_role\_inline\_policy) | ../../modules/iam-role | n/a |
| <a name="module_iam_role_instance_profile"></a> [iam\_role\_instance\_profile](#module\_iam\_role\_instance\_profile) | ../../modules/iam-role | n/a |
| <a name="module_iam_role_saml"></a> [iam\_role\_saml](#module\_iam\_role\_saml) | ../../modules/iam-role | n/a |
| <a name="module_iam_roles"></a> [iam\_roles](#module\_iam\_roles) | ../../modules/iam-role | n/a |
Expand Down Expand Up @@ -69,6 +70,13 @@ No inputs.
| <a name="output_github_oidc_iam_role_arn"></a> [github\_oidc\_iam\_role\_arn](#output\_github\_oidc\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
| <a name="output_github_oidc_iam_role_name"></a> [github\_oidc\_iam\_role\_name](#output\_github\_oidc\_iam\_role\_name) | The name of the IAM role |
| <a name="output_github_oidc_iam_role_unique_id"></a> [github\_oidc\_iam\_role\_unique\_id](#output\_github\_oidc\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
| <a name="output_inline_policy_iam_instance_profile_arn"></a> [inline\_policy\_iam\_instance\_profile\_arn](#output\_inline\_policy\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile |
| <a name="output_inline_policy_iam_instance_profile_id"></a> [inline\_policy\_iam\_instance\_profile\_id](#output\_inline\_policy\_iam\_instance\_profile\_id) | Instance profile's ID |
| <a name="output_inline_policy_iam_instance_profile_name"></a> [inline\_policy\_iam\_instance\_profile\_name](#output\_inline\_policy\_iam\_instance\_profile\_name) | Name of IAM instance profile |
| <a name="output_inline_policy_iam_instance_profile_unique_id"></a> [inline\_policy\_iam\_instance\_profile\_unique\_id](#output\_inline\_policy\_iam\_instance\_profile\_unique\_id) | Stable and unique string identifying the IAM instance profile |
| <a name="output_inline_policy_iam_role_arn"></a> [inline\_policy\_iam\_role\_arn](#output\_inline\_policy\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
| <a name="output_inline_policy_iam_role_name"></a> [inline\_policy\_iam\_role\_name](#output\_inline\_policy\_iam\_role\_name) | The name of the IAM role |
| <a name="output_inline_policy_iam_role_unique_id"></a> [inline\_policy\_iam\_role\_unique\_id](#output\_inline\_policy\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
| <a name="output_instance_profile_iam_instance_profile_arn"></a> [instance\_profile\_iam\_instance\_profile\_arn](#output\_instance\_profile\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile |
| <a name="output_instance_profile_iam_instance_profile_id"></a> [instance\_profile\_iam\_instance\_profile\_id](#output\_instance\_profile\_iam\_instance\_profile\_id) | Instance profile's ID |
| <a name="output_instance_profile_iam_instance_profile_name"></a> [instance\_profile\_iam\_instance\_profile\_name](#output\_instance\_profile\_iam\_instance\_profile\_name) | Name of IAM instance profile |
Expand Down
42 changes: 42 additions & 0 deletions examples/iam-role/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -187,6 +187,48 @@ module "iam_role_saml" {
tags = local.tags
}

################################################################################
# IAM Role - Inline Policy
################################################################################

module "iam_role_inline_policy" {
source = "../../modules/iam-role"

name = "${local.name}-inline-policy"

create_instance_profile = true

trust_policy_permissions = {
ec2 = {
effect = "Allow"
actions = [
"sts:AssumeRole"
]
principals = [{
type = "Service"
identifiers = ["ec2.amazonaws.com"]
}]
}
}

create_inline_policy = true
inline_policy_permissions = {
S3ReadAccess = {
effect = "Allow"
actions = [
"s3:GetObject",
"s3:ListBucket"
]
resources = [
"arn:aws:s3:::example-bucket",
"arn:aws:s3:::example-bucket/*"
]
}
}

tags = local.tags
}

################################################################################
# Supporting resources
################################################################################
Expand Down
39 changes: 39 additions & 0 deletions examples/iam-role/outputs.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,3 +153,42 @@ output "saml_iam_instance_profile_unique_id" {
description = "Stable and unique string identifying the IAM instance profile"
value = module.iam_role_saml.instance_profile_unique_id
}

################################################################################
# IAM Role - Inline Policy
################################################################################

output "inline_policy_iam_role_name" {
description = "The name of the IAM role"
value = module.iam_role_inline_policy.name
}

output "inline_policy_iam_role_arn" {
description = "The Amazon Resource Name (ARN) specifying the IAM role"
value = module.iam_role_inline_policy.arn
}

output "inline_policy_iam_role_unique_id" {
description = "Stable and unique string identifying the IAM role"
value = module.iam_role_inline_policy.unique_id
}

output "inline_policy_iam_instance_profile_arn" {
description = "ARN assigned by AWS to the instance profile"
value = module.iam_role_inline_policy.instance_profile_arn
}

output "inline_policy_iam_instance_profile_id" {
description = "Instance profile's ID"
value = module.iam_role_inline_policy.instance_profile_id
}

output "inline_policy_iam_instance_profile_name" {
description = "Name of IAM instance profile"
value = module.iam_role_inline_policy.instance_profile_name
}

output "inline_policy_iam_instance_profile_unique_id" {
description = "Stable and unique string identifying the IAM instance profile"
value = module.iam_role_inline_policy.instance_profile_unique_id
}