class Terracop::Cop::Aws::IamInlinePolicy

This cop warns against the use of inline group/role/user policies. Inline policies tend to be copy/pasted, sometimes with minor changes and are not shown in the “Policies” tab of AWS IAM.

@example

# bad
resource "aws_role" "role" { }

resource "aws_iam_role_policy" "policy" {
  role = aws_role.role.id
  name = "policy"

  policy = <some policy>
}

# good
resource "aws_role" "role" { }

resource "aws_iam_policy" "policy" {
  name        = "test-policy"

  policy = <some policy>
}

resource "aws_iam_role_policy_attachment" "attach" {
  role       = aws_iam_role.role.name
  policy_arn = aws_iam_policy.policy.arn
}

Public Instance Methods

check() click to toggle source
# File lib/terracop/cop/aws/iam_inline_policy.rb, line 41
def check
  entity = type.scan(/aws_iam_(.+)_policy/).first.first
  offense("Use aws_iam_#{entity}_policy_attachment instead of " \
          "attaching inline policies with aws_iam_#{entity}_policy.")
end