terraform-aws-modules/terraform-aws-kms

Allow json key policies as input

dudicoco opened this issue · 3 comments

Is your request related to a problem? Please describe.

Currently the key_statements input variable enforces a specific syntax on the user:

terraform-aws-kms/main.tf, lines 389 to 429 at 87be9cc:

```hcl
  dynamic "statement" {
    for_each = var.key_statements

    content {
      sid           = try(statement.value.sid, null)
      actions       = try(statement.value.actions, null)
      not_actions   = try(statement.value.not_actions, null)
      effect        = try(statement.value.effect, null)
      resources     = try(statement.value.resources, null)
      not_resources = try(statement.value.not_resources, null)

      dynamic "principals" {
        for_each = try(statement.value.principals, [])

        content {
          type        = principals.value.type
          identifiers = principals.value.identifiers
        }
      }

      dynamic "not_principals" {
        for_each = try(statement.value.not_principals, [])

        content {
          type        = not_principals.value.type
          identifiers = not_principals.value.identifiers
        }
      }

      dynamic "condition" {
        for_each = try(statement.value.conditions, [])

        content {
          test     = condition.value.test
          values   = condition.value.values
          variable = condition.value.variable
        }
      }
    }
  }
} # closes the enclosing data "aws_iam_policy_document" block
```

This prevents the user from using standard JSON documents for the policy and also adds redundant code to the module, as it basically duplicates the aws_iam_policy_document syntax.

Describe the solution you'd like.

Allow the user to specify a policy JSON; see examples:

```hcl
# Inline JSON document: the "Statement" value may be a single object or a list
policy = jsonencode({
  "Version" : "2012-10-17",
  "Statement" : {
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : "arn:aws:iam::112233445566:root"
    },
    "Action" : "kms:*",
    "Resource" : "*"
  }
})

# Rendered document from the aws_iam_policy_document data source
# (it is a data source, so the reference needs the "data." prefix)
policy = data.aws_iam_policy_document.example.json
```

you can use source_policy_documents for this
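An added example of what that reply points to, not code from the issue or from the module itself. It assumes the module's `source_policy_documents` input takes a list of JSON policy documents that the module merges into the `aws_iam_policy_document` it generates; the account ID, the `app-role` role name and the S3 region endpoint are placeholders.

```hcl
# Added example; assumes the module exposes `source_policy_documents`.
data "aws_caller_identity" "current" {}

# One document built with the data source ...
data "aws_iam_policy_document" "app_usage" {
  statement {
    sid    = "AllowAppRoleToUseKey" # hypothetical Sid, kept unique on purpose
    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/app-role"] # placeholder role
    }

    actions = [
      "kms:Encrypt",
      "kms:Decrypt",
      "kms:GenerateDataKey*",
      "kms:DescribeKey",
    ]
    resources = ["*"]

    # Only allow use through S3, not direct kms:Decrypt calls with the role
    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["s3.us-east-1.amazonaws.com"] # placeholder region
    }
  }
}

# ... and one written as raw JSON, the way the issue asked for
locals {
  root_admin_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "EnableIAMUserPermissions"
      Effect    = "Allow"
      Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" }
      Action    = "kms:*"
      Resource  = "*"
    }]
  })
}

module "kms" {
  source = "terraform-aws-modules/kms/aws"

  description = "Key whose policy is supplied as JSON documents"

  # Both documents are merged into the key policy the module renders
  source_policy_documents = [
    data.aws_iam_policy_document.app_usage.json,
    local.root_admin_policy,
  ]
}

output "key_arn" {
  value = module.kms.key_arn
}
```

Two things worth checking in `terraform plan` before applying: the merged policy still contains a statement that lets the applying principal manage the key (KMS rejects a policy that would lock out the caller unless the key's `bypass_policy_lockout_safety_check` is deliberately set), and every statement you pass in carries a distinct `Sid`, because the data source merges `source_policy_documents` by Sid and any statements the module adds on its own will be combined with yours rather than replaced.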

Thanks @bryantbiggs, I must have missed it.

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.