class Terracop::Cop::Aws::IamPolicyAttachment
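This cop warns against the use of the evil, all-encompassing aws_iam_policy_attachment resource. That resource manages a policy's attachments exclusively, so applying it detaches the policy from every user, role or group that is not listed in it, including attachments created elsewhere.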
@example
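# bad
# aws_iam_policy_attachment is exclusive: it takes ownership of every
# attachment of the policy, so any user, role or group that is not listed
# here loses the policy on the next apply.
resource "aws_iam_policy_attachment" "attach" {
  name       = "test-attachment"
  policy_arn = aws_iam_policy.policy.arn
  users      = [aws_iam_user.user.name]
  roles      = [aws_iam_role.role.name]
  groups     = [aws_iam_group.group.name]
}

# good
# Each resource below manages a single policy-to-principal attachment and
# leaves the policy's other attachments untouched.
resource "aws_iam_role_policy_attachment" "attach" {
  role       = aws_iam_role.role.name
  policy_arn = aws_iam_policy.policy.arn
}

resource "aws_iam_user_policy_attachment" "attach" {
  user       = aws_iam_user.user.name
  policy_arn = aws_iam_policy.policy.arn
}

resource "aws_iam_group_policy_attachment" "attach" {
  # References the same group as the "bad" example (aws_iam_group.group).
  group      = aws_iam_group.group.name
  policy_arn = aws_iam_policy.policy.arn
}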
Public Instance Methods
check()
# File lib/terracop/cop/aws/iam_policy_attachment.rb, line 40
#
# Reports an offense unconditionally; no attribute of the resource is
# inspected here.
# NOTE(review): presumably the framework only invokes this cop for
# aws_iam_policy_attachment resources - confirm against the base cop.
#
# Why it matters: aws_iam_policy_attachment manages a policy's attachments
# exclusively, so applying it can detach the policy from principals that
# are managed elsewhere. The per-principal resources named in the message
# do not have that side effect.
#
# @return whatever +offense+ returns (defined outside this listing)
def check
  message = [
    'Use aws_iam_role_policy_attachment, ',
    'aws_iam_user_policy_attachment, or ',
    'aws_iam_group_policy_attachment instead.'
  ].join

  offense(message)
end