// Create a policy with multiple Condition keys.
//
// Reading the Condition block: the two operators below are ANDed together,
// while the values listed for a single key are ORed. The statement therefore
// applies only when the request carries a "Team" tag whose value is one of the
// two listed names AND every tag key in the request is "Team".
resource policy "aws:iam/policy:Policy" {
    __logicalName = "policy"
    path          = "/"
    description   = "My test policy"

    policy = toJSON({
        "Version" = "2012-10-17",
        "Statement" = [{
            "Effect" = "Allow",
            // NOTE(review): wildcard action on every function ARN in any
            // region and account. aws:RequestTag/* is only present when the
            // request itself passes tags, so the conditions below are what
            // narrow this grant; requests without tags do not match this Allow.
            "Action"   = "lambda:*",
            "Resource" = "arn:aws:lambda:*:*:function:*",
            "Condition" = {
                // Tag value check: the request's "Team" tag must equal one of these.
                "StringEquals" = {
                    "aws:RequestTag/Team" = ["iamuser-admin", "iamuser2-admin"]
                },
                // Tag key check: no tag keys other than "Team" may be sent.
                // ForAllValues is vacuously true when the request has no tag
                // keys, so it must stay paired with the StringEquals test
                // above, which requires the "Team" tag to be present.
                "ForAllValues:StringEquals" = {
                    "aws:TagKeys" = ["Team"]
                }
            }
        }]
    })
}
// Export the name of the IAM policy declared above.
output policyName {
    value = policy.name
}