Creates an IAM Policy for use with Glue that can read from any bucket and use any KMS key.
```hcl
module "glue_iam_policy" {
  source = "dod-iac/glue-iam-policy/aws"

  name    = "glue-iam-policy"
  buckets = ["*"]
  keys    = ["*"]
  tags = {
    Automation = "Terraform"
  }
}
```
Creates an IAM Policy for use with Glue that can read from a specific bucket and use any KMS key.
```hcl
module "glue_iam_policy" {
  source = "dod-iac/glue-iam-policy/aws"

  name    = format("app-%s-glue-%s", var.application, var.environment)
  buckets = [aws_s3_bucket.main.arn]
  keys    = ["*"]
  tags = {
    Application = var.application
    environment = var.environment
    Automation  = "Terraform"
  }
}
```
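A least-privilege variant, added here as an example and not taken from the module's own documentation: it scopes `buckets`, `keys` and `databases` to single ARNs instead of `["*"]`, pins the module version, and attaches the `arn` output to a role that only the Glue service can assume. The resources `aws_s3_bucket.main`, `aws_kms_key.main`, `aws_glue_catalog_database.main` and the role itself are assumptions standing in for resources defined elsewhere in your configuration.

```hcl
# Assumed to exist elsewhere in the configuration (not created by this module):
#   aws_s3_bucket.main, aws_kms_key.main, aws_glue_catalog_database.main

module "glue_iam_policy" {
  source  = "dod-iac/glue-iam-policy/aws"
  version = "~> 1.0.0"

  name        = format("app-%s-glue-%s", var.application, var.environment)
  description = "Glue policy scoped to one bucket, one KMS key and one database."

  # Explicit ARNs instead of ["*"], so the policy covers only these resources.
  buckets   = [aws_s3_bucket.main.arn]
  keys      = [aws_kms_key.main.arn]
  databases = [aws_glue_catalog_database.main.arn]

  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}

# Hypothetical trust policy: only the Glue service may assume the role.
data "aws_iam_policy_document" "glue_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["glue.amazonaws.com"]
    }
  }
}

# Hypothetical role that Glue jobs run as.
resource "aws_iam_role" "glue" {
  name               = format("app-%s-glue-%s", var.application, var.environment)
  assume_role_policy = data.aws_iam_policy_document.glue_assume_role.json
}

# Attach the policy created by the module, using its "arn" output.
resource "aws_iam_role_policy_attachment" "glue" {
  role       = aws_iam_role.glue.name
  policy_arn = module.glue_iam_policy.arn
}
```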
Terraform 0.13. Pin module version to `~> 1.0.0`. Submit pull-requests to master branch.
Terraform 0.11 and 0.12 are not supported.
This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.
Name | Version |
---|---|
terraform | >= 0.13 |
aws | ~> 3.0 |

Name | Version |
---|---|
aws | ~> 3.0 |

No modules.

Name | Type |
---|---|
aws_iam_policy.main | resource |
aws_iam_policy_document.main | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
buckets | The ARNs of the AWS S3 buckets the policy is allowed to read from. Use ["*"] to allow all buckets. | list(string) | [] | no |
databases | The ARNs of the AWS Glue Databases. Use ["*"] to allow all databases. | list(string) | [] | no |
description | The description of the AWS IAM policy. | string | "" | no |
keys | The ARNs of the AWS KMS keys the policy is allowed to use to decrypt files. Use ["*"] to allow all keys. | list(string) | [] | no |
name | The name of the AWS IAM policy. | string | n/a | yes |
tags | Tags applied to the AWS IAM policy. | map(string) | {} | no |

Name | Description |
---|---|
arn | The Amazon Resource Name (ARN) of the AWS IAM Policy. |
name | The name of the AWS IAM Policy. |