0 votes
3 views
in AWS by (5.6k points)

I need to create an AWS IAM role with Terraform, but I get an error after running terraform apply. Below is the error:

aws_iam_role.role: Error Updating IAM Role (edb_eb_role) Assume Role Policy: MalformedPolicyDocument: Has prohibited field Resource

Any suggestion would be appreciated.

1 Answer

0 votes
by (12.4k points)

Here, the assume role policy does not accept the AWS policy JSON files.

You can update your code with the below sample code:

# Managed permissions policy to attach to the role, referenced by ARN
variable "policy_arn" {
  default = "arn:aws:iam::aws:policy/service-role/AWSLambdaRole"
}

resource "aws_iam_role" "edb_role" {
  name = "edb_role"

  # Trust policy: names the Principal allowed to assume the role; no Resource field
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": ["ec2.amazonaws.com"]
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

# Permissions are granted by attaching the policy to the role separately
resource "aws_iam_role_policy_attachment" "test-attach" {
  role       = "${aws_iam_role.edb_role.name}"
  policy_arn = "${var.policy_arn}"
}

output "role" {
  value = "${aws_iam_role.edb_role.name}"
}
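A pre-apply check for the mistake behind this error, as an added example that is not part of the original answer: it inspects the JSON intended for assume_role_policy and reports statements shaped like a permissions policy. The function name lint_trust_policy and both sample documents are constructed for illustration.

```python
import json

# Constructed sample: a permissions-style policy mistakenly used as a trust policy.
BAD_TRUST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}
  ]
}"""

# Constructed sample: a trust policy of the same shape as the one in the answer.
GOOD_TRUST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Principal": {"Service": ["ec2.amazonaws.com"]}
  }
}"""

PROHIBITED_FIELDS = ("Resource", "NotResource")


def as_list(value):
    """IAM JSON allows a single item where a list is expected; normalize it."""
    return value if isinstance(value, list) else [value]


def lint_trust_policy(document):
    """Return findings for a trust policy; an empty list means the shape is valid."""
    policy = json.loads(document)
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        # A trust policy is attached to the role itself, so it names no resource.
        for field in PROHIBITED_FIELDS:
            if field in stmt:
                findings.append(f"Statement[{i}]: prohibited field {field}")
        # It must say who is allowed to assume the role.
        if "Principal" not in stmt and "NotPrincipal" not in stmt:
            findings.append(f"Statement[{i}]: missing Principal")
        # Only STS actions such as sts:AssumeRole belong in a trust policy.
        for action in as_list(stmt.get("Action", [])):
            if not action.lower().startswith("sts:"):
                findings.append(f"Statement[{i}]: action {action} is not an STS action")
    return findings


if __name__ == "__main__":
    for name, doc in (("bad", BAD_TRUST_POLICY), ("good", GOOD_TRUST_POLICY)):
        print(name, lint_trust_policy(doc))
```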
