AWS IAM Group Policy
This page shows how to write Terraform and CloudFormation for IAM Group Policy and write them securely.
aws_group_policy (Terraform)
The Group Policy in IAM can be configured in Terraform with the resource name aws_group_policy. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
policy
- (Required) The policy document. This is a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
name
- (Optional) The name of the policy. If omitted, Terraform will assign a random, unique name.
name_prefix
- (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.
group
- (Required) The IAM group to attach to the policy.
In addition to all arguments above, the following attributes are exported:
id
- The group policy ID.
group
- The group to which this policy applies.
name
- The name of the policy.
policy
- The policy document attached to the group.
Explanation in Terraform Registry
Provides an IAM policy attached to a group.
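As an added example (not code from the original page or from the Terraform provider documentation), the following configuration attaches a least-privilege inline policy to a group using the parameters described above. The group name and bucket name are constructed placeholders, and the hashicorp/aws provider registers this resource type as aws_iam_group_policy.

```hcl
# Added example: assumes a group "developers" and a bucket
# "example-app-artifacts"; both are constructed placeholder names.
resource "aws_iam_group" "developers" {
  name = "developers"
}

# Build the policy document with the data source instead of hand-written JSON.
# Terraform validates the structure and renders it to the JSON string that
# the `policy` argument expects.
data "aws_iam_policy_document" "artifact_read" {
  statement {
    sid    = "ReadArtifacts"
    effect = "Allow"

    # Explicit actions rather than an "s3:*" wildcard.
    actions = ["s3:GetObject", "s3:ListBucket"]

    # Scoped to one bucket and its objects rather than "*".
    resources = [
      "arn:aws:s3:::example-app-artifacts",
      "arn:aws:s3:::example-app-artifacts/*",
    ]

    # Grant the permissions only over TLS.
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["true"]
    }
  }
}

resource "aws_iam_group_policy" "artifact_read" {
  # name_prefix and name conflict; only one may be set. The prefix keeps the
  # policy name unique if the resource is ever re-created.
  name_prefix = "artifact-read-"
  group       = aws_iam_group.developers.name
  policy      = data.aws_iam_policy_document.artifact_read.json
}
```

Running terraform plan shows the rendered JSON in the diff, which makes it easy to review that no wildcard actions or resources slipped into the document before it is applied.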
Tips: Best Practices for The Other AWS IAM Resources
In addition to the Group Policy resource, AWS IAM has other resources that should be configured with security in mind, such as aws_iam_account_password_policy. Examples of those resources and the related precautions follow.
aws_iam_account_password_policy
Ensure AWS IAM account password policies require long passwords
It is better to enforce the use of long and complex passwords to reduce the risk of brute-force attacks.
AWS::IAM::Group Policy (CloudFormation)
The Group Policy in IAM can be configured in CloudFormation with the resource name AWS::IAM::Group Policy. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
PolicyDocument
The policy document.
Required: Yes
Type: Json
Minimum: 1
Maximum: 131072
Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+
Update requires: No interruption
PolicyName
The friendly name (not ARN) identifying the policy.
Required: Yes
Type: String
Minimum: 1
Maximum: 128
Pattern: [\w+=,.@-]+
Update requires: No interruption
Explanation in CloudFormation Registry
Contains information about an attached policy.
An attached policy is a managed policy that has been attached to a user, group, or role.
For more information about managed policies, see Managed Policies and Inline Policies in the IAM User Guide.