policy_arn = "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess" } In the example above, an IAM role named my_role is defined first, with its trust policy specified. Then two aws_iam_role_policy_attachment resources attach the AmazonS3ReadOnlyAccess and AmazonDynamoDBReadOnlyAccess IAM policies to the my_role role. This way, when executing Terr...
Then you can attach the IAM policy to your role, as follows: resource "aws_iam_role_policy_attachment" "sto-readonly-role-policy-attach" { role = "${aws_iam_role.sto-test-role.name}" policy_arn = "${data.aws_iam_policy.ReadOnlyAccess.arn}" }...
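The second step is to define the IAM role and attach the policy created in the previous step to it. Use Terraform's aws_iam_role resource to create the role, and use assume_role_policy to allow the service to use the role. Finally, use Terraform's aws_iam_role_policy_attachment resource to attach the IAM policy to the role. The following Terraform resource definition can be used to create this policy. resource "aws_iam_role" "stop_start_...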
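Add the privacy policy: next, we need to attach the existing privacy policy to the IAM role. This can be done with the aws_iam_role_policy_attachment resource. In Tencent Cloud, the tencentcloud_iam_role_policy_attachment resource can be used. The configuration is as follows: resource "tencentcloud_iam_role_policy_attachment" "example_attachment" { role = tencent...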
[iam.tf file] We want to create a group named "administrators". # group definition resource "aws_iam_group" "administrators" { name = "administrators" } Because the argument is groups, a list is used. resource "aws_iam_policy_attachment" "administrators-attach" { name = "administrators-attach" groups = [aws_iam_group.administrators.name] ...
data "aws_iam_policy_document" "assume_role_scheduling" { statement { effect = "Allow" principals { type = "Service" identifiers = ["scheduler.redshift.amazonaws.com"] } actions = ["sts:AssumeRole"] } } #create a role that has the above trust relationship attached to it, so that i...
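In this article, we demonstrate how to use Terraform to manage common Redshift cluster operations, for example: creating a new Redshift provisioned cluster with Terraform code and adding an AWS Identity and Access Management (IAM) role to it; and scheduling operations such as pause, resume, and resize for the Redshift cluster.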
Terraform Core Version 1.8.3 AWS Provider Version 5.75.1 Affected Resource(s) aws_iam_role_policies_exclusive Expected Behavior After I locked the set of policy names in an aws_iam_role_policies_exclusive resource, I would expect that ad...
role = element(concat(aws_iam_role.this.*.id, [""]), 0) policy = data.aws_iam_policy_document.this[count.index].json } resource "aws_iam_role_policy_attachment" "this" { count = var.enabled ? length(var.attach_policy_arns) : 0 role = element(concat(aws_iam_role.this.*.id, [""]), 0) ...
aws_iam_role_policy_attachment.cluster_encryption resource aws_iam_role_policy_attachment.this resource aws_security_group.cluster resource aws_security_group.node resource aws_security_group_rule.cluster resource aws_security_group_rule.node resource time_sleep.this resource aws_caller_identity.current ...