policyDocument = invoke("aws:iam:getPolicyDocument", { statements = [{ sid = "1" actions = [ "s3:ListAllMyBuckets", "s3:GetBucketLocation", ] resources = [ "arn:aws:s3:::*", ] }] }) resource example "aws:iam:Policy" { name = "example_policy" path = "/" policy = policyDocument.json }