Lab 40: Policy Variable Setup Using Terraform

The Nautilus DevOps team is automating IAM policy creation using Terraform to enhance security and access management. As part of this task, they need to create an IAM policy with specific requirements.

For this task, create an AWS IAM policy using Terraform with the following requirements:

  1. The IAM policy name iampolicy_rose should be stored in a variable named KKE_iampolicy.

Note:

  1. The configuration values should be stored in a variables.tf file.

  2. The Terraform script should be structured with a main.tf file referencing variables.tf.

  3. The Terraform working directory is /home/bob/terraform.

  4. Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.

# /home/bob/terraform/variables.tf

variable "KKE_iampolicy" {
  description = "The name for the IAM Policy."
  type        = string
  default     = "iampolicy_rose"
}

# /home/bob/terraform/main.tf

# 1. Define the permissions structure for the policy
data "aws_iam_policy_document" "rose_policy_doc" {
  statement {
    sid = "AllowS3ReadOnly"

    actions = [
      "s3:GetObject",
      "s3:ListBucket",
    ]

    # Wildcard ARNs: this grants read access to every bucket and every object
    # in the account. Fine for the lab; scope to specific bucket ARNs elsewhere.
    resources = [
      "arn:aws:s3:::*",
      "arn:aws:s3:::*/*",
    ]
  }
}

# 2. Create the IAM Policy resource
resource "aws_iam_policy" "rose_read_only" {
  # The name property uses the variable defined in variables.tf
  name        = var.KKE_iampolicy
  description = "S3 Read-Only Policy for Rose"

  # The policy content is the JSON rendered by the data block above
  policy = data.aws_iam_policy_document.rose_policy_doc.json
}

terraform init
# -auto-approve skips the interactive approval prompt; Terraform still builds
# a plan internally, you just do not get to review it before it is applied
terraform apply -auto-approve
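The policy above is intentionally broad (wildcard S3 resources). The following is an added example, not part of the lab, of a small pre-apply check a reviewer might run over the JSON that the aws_iam_policy_document data source renders: it flags Allow statements whose actions are not read-only or whose resource ARNs are unscoped wildcards. The two policy documents embedded in it are constructed by hand to mirror main.tf (the first) and a bucket-scoped variant (the second); the read-only prefix list and the ARN parsing rule are the example's own assumptions, not an AWS definition.

```python
"""Lint an IAM policy document for non-read-only actions and wildcard resources.

Added example for the lab above; the policy JSON strings are constructed to
match what the data source in main.tf renders, not captured from Terraform.
"""
import json

# Assumption: actions whose verb starts with one of these are treated as read-only.
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "Head")

# Constructed rendering of data.aws_iam_policy_document.rose_policy_doc (wildcards).
PAGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowS3ReadOnly",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::*", "arn:aws:s3:::*/*"],
    }],
})

# Constructed scoped variant: same actions, limited to one hypothetical bucket.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowS3ReadOnly",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::rose-reports", "arn:aws:s3:::rose-reports/*"],
    }],
})


def _as_list(value):
    """IAM accepts either a single string or a list for Action/Resource/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wildcard_resource(arn: str) -> bool:
    """True for "*" or an ARN whose resource part (6th colon field) begins with "*"."""
    if arn == "*":
        return True
    parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
    return len(parts) == 6 and parts[5].startswith("*")


def _is_read_only_action(action: str) -> bool:
    """True for service:Verb where Verb has a read-only prefix; "*" and "svc:*" are not."""
    service, sep, verb = action.partition(":")
    if not sep or verb == "*":
        return False
    return verb.startswith(READ_ONLY_PREFIXES)


def audit_policy(policy_json: str) -> list:
    """Return a list of human-readable findings; an empty list means the policy passed."""
    doc = json.loads(policy_json)
    findings = []
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access, so they are not flagged
        sid = stmt.get("Sid", "<no sid>")
        for action in _as_list(stmt.get("Action")):
            if not _is_read_only_action(action):
                findings.append(f"{sid}: action {action} is not read-only")
        for resource in _as_list(stmt.get("Resource")):
            if _is_wildcard_resource(resource):
                findings.append(f"{sid}: resource {resource} is an unscoped wildcard")
    return findings


if __name__ == "__main__":
    for label, policy in (("page policy", PAGE_POLICY), ("scoped policy", SCOPED_POLICY)):
        result = audit_policy(policy)
        print(f"{label}: {'OK' if not result else ''}")
        for finding in result:
            print(f"  - {finding}")
```

Run it before `terraform apply`; in a real pipeline the JSON would come from `terraform show -json` rather than an embedded string, but the audit function is the same. The page's own policy produces two findings (both resource ARNs are wildcards), the scoped variant produces none, and adding a write action such as s3:PutObject to either would be flagged on the action check.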