Create ROLE with Terraform in AWS with SAML provider attached
Question
I'm currently trying to automate AWS account provisioning, and one the steps is to create IAM ROLE, with Identity provider(for federated user access). I searched, and checked Terraform documentation, but cannot find any information about creating such role, or attaching provider to a role. I can create both just fine, but they are independent. here is portion of the code:
resource "aws_iam_saml_provider" "default" {
name = "ADFS-TEST"
saml_metadata_document = "${file("../../FederationMetadata.xml")}"
}
resource "aws_iam_role" "role" {
name = "test-Admins"
}
2 answers
solution1
2 2018-01-25 17:06:25
figured out. here is full block
resource "aws_iam_saml_provider" "test" {
name = "ADFS-TEST"
saml_metadata_document = "${file("../../FederationMetadata.xml")}"
}
resource "aws_iam_role" "role" {
name = "ADFStest-Admins"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Federated": "${aws_iam_saml_provider.test.arn}"
},
"Action": "sts:AssumeRoleWithSAML",
"Condition": {
"StringEquals": {
"SAML:aud": "https://signin.aws.amazon.com/saml"
}
}
}
]
}
EOF
}
resource "aws_iam_role_policy" "admins" {
name = "Admin-Policy"
#description = "A test policy"
role = "${aws_iam_role.role.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
EOF
}
solution2
0 2018-07-12 18:29:53
Thank you! It works for me.
I just change aws_iam_role_policy to use the aws_iam_role_policy_attachment:
resource "aws_iam_role_policy_attachment" "attach" {
role = "${aws_iam_role.role.name}"
policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.