202203290844 - What do I need to be able to assume role with terraform

What do I need to be able to assume role with terraform

You are only able make one assume_role_policy per role

Problema com terraform IAM roles:
https://github.com/hashicorp/terraform-provider-aws/issues/10419

Como criar um IAM Role com Terraform permitindo assume role

1. Define a política num policy document

data "aws_iam_policy_document" "document_x" {
  statement {  
    sid = “STSassumeRole”  
    effect = “Allow”  
    actions = [“sts:AssumeRole”]  
    principals {  
	  type = “Service”  
	  identifiers = [“codebuild.amazonaws.com”]  
    }  
  }
}

2. Cria um Role com a politica do documento criado

resource "aws_iam_role"{
	assume_role_policy = data.aws_iam_policy_document.document_x.json
}

3. Cria uma policy

resource “aws_iam_policy” “codebuild” {  
  name = “custom-CodeBuild-policy”  
  policy = data.aws_iam_policy_document.codebuild.json  
}

4. Faz um Attachment

resource “aws_iam_role_policy_attachment” “codebuild” {  
  role = aws_iam_role.codebuild.name  
  policy_arn = aws_iam_policy.codebuild.arn  
}

202201181349 - Sagemaker - Problems