In this guide, you will learn to Terraform IAM role creation using step by step guide.<\/p>\n
To create a IAM role for using it with the ec2 instance you need to do the following.<\/p>\n
Here is the full terraform script to create an IAM role and instance profile with policy.<\/p>\n
To use Terraform configuration for your specific needs, you’ll need to replace the names and policy statements highlighted in bold with values that suit your requirements. You can use the AWS Policy Generator<\/a> to create the required policy document.<\/p>\n Additionally, you may want to consider converting this configuration into a module format for easier reuse and maintainability across your infrastructure.<\/p>\n To execute the script, first, you need to initialize Terraform from the folder you have the Terraform script.<\/p>\n This will download the necessary provider plugins.<\/p>\n Now execute the plan. It will show a summary of the actions Terraform intends to take and any potential issues or conflicts that it detects with your configuration.<\/p>\n If you are ok with the plan summary, you can apply the configuration using the following command.<\/p>\n Here is an example terraform script to attach an instance profile to the ec2 instance.<\/p>\n Replace instance_profile_name<\/strong> with the instance profile name you added in the terraform iam role script.<\/p>\n In this guide, we looked at IAM role provisioning using Terraform.<\/p>\n If you are working on RDS, take a look at Terraform AWS rds<\/a> provisioning guide.<\/p>\nprovider \"aws\" {\n region = \"us-west-2\"\n}\n\nvariable \"instance_profile_name\" {\n type = string\n default = \"example-instance-profile\"\n}\n\nvariable \"iam_policy_name\" {\n type = string\n default = \"example-policy\"\n}\n\nvariable \"role_name\" {\n type = string\n default = \"example-role\"\n}\n\n# Create an IAM policy\nresource \"aws_iam_policy\" \"jenkins_iam_policy\" {\n name = var.iam_policy_name\n\n policy = jsonencode({\n Version = \"2012-10-17\"\n Statement = [\n {\n Effect = \"Allow\"\n Action = [\n \"secretsmanager:GetSecretValue\",\n \"ssm:GetParameter\",\n \"ssm:GetParameters\",\n \"ssm:GetParametersByPath\"\n ]\n Resource = \"*\"\n }\n ]\n })\n}\n\n# Create an IAM role\nresource \"aws_iam_role\" \"jenkins_role\" {\n name = var.role_name\n\n assume_role_policy = jsonencode({\n Version = \"2012-10-17\"\n Statement = [\n {\n Effect = \"Allow\"\n Principal = {\n Service = \"ec2.amazonaws.com\"\n }\n Action = \"sts:AssumeRole\"\n }\n ]\n })\n}\n\n# Attach the IAM policy to the IAM role\nresource \"aws_iam_policy_attachment\" \"jenkins_role_policy_attachment\" {\n name = \"Policy Attachement\"\n policy_arn = aws_iam_policy.jenkins_iam_policy.arn\n roles = [aws_iam_role.jenkins_role.name]\n}\n\n# Create an IAM instance profile\nresource \"aws_iam_instance_profile\" \"jenkins_instance_profile\" {\n name = var.instance_profile_name\n role = aws_iam_role.jenkins_role.name\n}<\/code><\/pre>\nCreate IAM Role Using Terraform<\/h2>\n
terraform init<\/code><\/pre>\nterraform plan<\/code><\/pre>\nterraform apply --auto-approve<\/code><\/pre>\nAttach Instance Profile to ec2 Instance<\/h2>\n
resource \"aws_instance\" \"example_instance\" {\n ami = \"ami-1234567890\"\n instance_type = \"t2.micro\"\n key_name = \"key_pair_name\"\n subnet_id = \"subnet-058a7514ba8adbb07\"\n\n iam_instance_profile {\n name = instance_profile_name\n }\n\n tags = {\n Name = \"example_instance\"\n }\n}<\/code><\/pre>\nConclusion<\/h2>\n
\n