managed_policy_arns の置き換え
before
# "before": one aws_iam_role that also owns its managed-policy attachments
# via the inline managed_policy_arns list.
# NOTE(review): in the AWS provider this argument manages the role's whole
# attachment set, so attachments made outside Terraform are reverted on the
# next apply — confirm against the provider version in use, since newer
# releases deprecate this argument in favour of separate attachment resources.
resource "aws_iam_role" "oidc" {
  name               = var.oidc_role_name
  # Trust policy comes from a policy document data source not shown on this page.
  # NOTE(review): confirm it conditions on the OIDC token's sub/aud claims and not
  # only on the issuer, so that only the intended repository/workflow can assume the role.
  assume_role_policy = data.aws_iam_policy_document.oidc.json
  managed_policy_arns = [
    # AWS-managed ReadOnlyAccess is broad (read across most services, including
    # some data-plane reads); NOTE(review): check whether a narrower,
    # service-scoped read policy would suffice for this role.
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
    aws_iam_policy.required_authority.arn,
    aws_iam_policy.kms_decrypt_policy.arn,
    aws_iam_policy.secret_manager_read_policy.arn,
  ]
}
after
# "after": the role no longer lists its policies; attachments are managed by
# separate aws_iam_role_policy_attachment resources.
# NOTE(review): without managed_policy_arns, policies attached to this role
# outside Terraform are no longer removed on apply — if that guarantee mattered,
# detect such drift another way (e.g. a periodic audit of the attached policies).
resource "aws_iam_role" "oidc" {
  name               = var.oidc_role_name
  # Trust policy comes from a policy document data source not shown on this page.
  # NOTE(review): confirm it conditions on the OIDC token's sub/aud claims.
  assume_role_policy = data.aws_iam_policy_document.oidc.json
}
# One attachment resource instance per map entry; the map keys become the
# instance keys (aws_iam_role_policy_attachment.this["readonly"], ...).
# NOTE(review): renaming a key later replaces that instance (detach, then
# re-attach), so keep the keys stable once applied.
# NOTE(review): the referenced policy resource names differ from the "before"
# listing (required_authority / kms_decrypt_policy / secret_manager_read_policy)
# — confirm these resolve to the intended policies.
# NOTE(review): on the migration apply, read the plan to see whether the
# provider detaches the previously listed policies before these attachments are
# created; a failed or partial apply could leave the role with fewer
# permissions than intended until it is re-run.
resource "aws_iam_role_policy_attachment" "this" {
  for_each = {
    # AWS-managed ReadOnlyAccess is broad; prefer a scoped read policy where possible.
    readonly = "arn:aws:iam::aws:policy/ReadOnlyAccess"
    required = aws_iam_policy.tf_store_read.arn
    kms      = aws_iam_policy.kms_decrypt.arn
    secret   = aws_iam_policy.secret_manager_read.arn
  }
  role       = aws_iam_role.oidc.name
  policy_arn = each.value
}