Intellipaat Back

Explore Courses Blog Tutorials Interview Questions
0 votes
2 views
in AWS by (19.1k points)

I've got this so far:

data "aws_iam_policy" "config_role" { 

  arn = "arn:aws:iam::aws:policy/service_role/AWSConfigRole"

}

But I'm not sure how to attach this to a group.

1 Answer

0 votes
by (44.4k points)

As mentioned in the aws_iam_policy_attachment resource docs this resource creates an exclusive attachment of that policy to specified users, groups and roles and isn't normally what you want so I'd recommend the aws_iam_group_policy_attachment resource.

It will look like this:

resource "aws_iam_group" "aws_config_group" {

  name = "AWSConfigGroup"

  path = "/"

}

resource "aws_iam_group_policy_attachment" "aws_config_attach" {

  group      = "${aws_iam_group.aws_config_group.name}"

  policy_arn = "arn:aws:iam::aws:policy/service_role/AWSConfigRole"

}

Related questions

Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

0 votes
1 answer

31k questions

32.8k answers

501 comments

693 users

Browse Categories

...