IAM Policy Inline
Overview
This Terraform module provisions an inline IAM policy attached directly to a specific IAM user.
It's ideal for defining one-off, tightly scoped permissions that don't need to be reused across multiple identities.
Key Features
- Attaches a custom inline policy to a single IAM user
- Accepts full JSON-formatted policy as input
- Enables fine-grained access control for individual users
- Accepts an environment value as deployment metadata (IAM inline policies themselves cannot carry tags, so this value is not applied as a tag on the policy resource)
Use Cases
- Granting narrow S3 access to a data pipeline user
- Assigning custom permissions for app-specific developers
- Temporary or single-purpose IAM user access
- Managing least-privilege access models
Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region used to configure the provider (IAM is a global service, so the inline policy itself is not region-scoped) |
| user_name | string | Name of the IAM user to receive the inline policy |
| policy_name | string | Name of the inline policy to be created |
| policy_document | string | JSON policy document string (IAM policy syntax); all inline policies on one user must together stay within the 2,048-character IAM quota |
| environment | string | Deployment environment label (e.g., dev, staging, prod); inline policies cannot be tagged, so this is module metadata rather than an IAM tag |
Outputs
| Name | Description |
|---|---|
| user_name | The IAM user that received the inline policy |
| policy_name | The name of the applied inline policy |
Deployment Readiness
- Compatible with Terraform 1.0+
- Tested with AWS provider 5.x
- Requires an existing IAM user, and the caller needs iam:PutUserPolicy (apply), iam:GetUserPolicy (read-back/plan) and iam:DeleteUserPolicy (destroy) on that user
Example Usage
```hcl
module "iam-policy-inline-deployment" {
  source      = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//identity/iam-policy-inline?ref=v1.0.0"
  region      = "us-east-1"
  user_name   = "analytics-app-user"
  policy_name = "inline-analytics-access"

  # Read-only access to one bucket's objects; no wildcard actions or resources.
  policy_document = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::analytics-data-bucket/*"
    }
  ]
}
EOF

  environment = "dev"
}
```
```shell
terraform init
terraform plan
terraform apply
```
or
```shell
tofu init
tofu plan
tofu apply
```
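Because the module takes the policy as an opaque JSON string, nothing stops a `plan` from shipping a document that is far broader than the "narrow S3 access" in the example above. The check below is an added example, not code from the archiphire module: it lints a `policy_document` string before `terraform apply` for the mistakes that most often widen an inline user policy (wildcard actions or resources, `NotAction`/`NotResource` grants, IAM actions on a user, an oversized document, a wrong `Version`). The function name `lint_inline_policy`, the `USER_INLINE_POLICY_LIMIT` constant (the IAM quota of 2,048 characters for all inline policies on one user combined) and the two sample documents are mine; the scoped sample reproduces the policy from the usage example, the broad one is constructed to trip the checks.

```python
"""Pre-apply lint for an IAM inline user policy document.

Added example for the archiphire iam-policy-inline README; it is not part of
the module. Run it against the exact string you pass as `policy_document`.
"""
import json

# IAM quota: the inline policies attached to one user may total at most
# 2,048 characters (assumption stated in the lead-in; check current quotas).
USER_INLINE_POLICY_LIMIT = 2048


def _as_list(value):
    """IAM accepts either a string or a list of strings in Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_inline_policy(policy_json: str) -> list:
    """Return a list of human-readable findings; an empty list means it passed."""
    findings = []
    try:
        doc = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        # Terraform would also reject this, but failing here is faster.
        return [f"invalid JSON: {exc}"]

    if doc.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17 (required for policy variables)")

    if len(policy_json) > USER_INLINE_POLICY_LIMIT:
        findings.append(
            f"document is {len(policy_json)} chars; user inline policies "
            f"are capped at {USER_INLINE_POLICY_LIMIT} combined"
        )

    statements = _as_list(doc.get("Statement"))
    if not statements:
        findings.append("no Statement entries")

    for index, stmt in enumerate(statements):
        sid = stmt.get("Sid", f"statement[{index}]")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(
                f"{sid}: NotAction/NotResource in an Allow grants everything except the listed items"
            )
        for action in _as_list(stmt.get("Action")):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action!r}")
            elif action.split(":")[0].lower() == "iam":
                # iam:* on a user is the classic self-escalation path
                findings.append(f"{sid}: grants IAM action {action!r} to a user")
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append(f"{sid}: Resource '*' is not scoped")
    return findings


# Constructed sample 1: the scoped policy from the usage example above.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::analytics-data-bucket/*",
    }],
})

# Constructed sample 2: what a "quick fix" in a ticket tends to look like.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "TooBroad",
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "*",
    }],
})


if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        problems = lint_inline_policy(policy)
        print(f"{name}: {'ok' if not problems else problems}")
```

Wire this into CI as a plan-time gate (e.g. render the heredoc to a file and run the script before `terraform plan`); treat any finding as a failed build rather than a warning, since an inline policy applies the moment `apply` succeeds.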
Cleanup Options
Terraform Destroy (for test environments):
```shell
terraform destroy
```
or
```shell
tofu destroy
```
Manual Deletion (production):
```shell
aws iam delete-user-policy \
  --user-name analytics-app-user \
  --policy-name inline-analytics-access
```
Notes
This is a Level 1 IAM security module for user-specific policy attachment. For reusable, attachable policies across users or roles, use:
- iam-policy-managed
- iam-group-policy-attachment
Deployment Package Notice
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.