When establishing infrastructure on the AWS cloud, Identity and Access Management (IAM) is among the first and most critical services to configure. IAM facilitates the creation and management of user accounts, groups, roles, policies, and other access controls. The Nautilus DevOps team is currently in the process of configuring these resources and has outlined the following requirements.
Create an IAM policy named iampolicy_ravi in the us-east-1 region using Terraform. It must allow read-only access to the EC2 console, i.e., this policy must allow users to view all instances, AMIs, and snapshots in the Amazon EC2 console.
The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.
Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.
Create a main.tf file with the following contents:
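resource "aws_iam_policy" "policy" {
  name        = var.policy_name
  path        = "/"
  description = "My test policy"

  # ec2:Describe* matches only the EC2 Describe calls used to view
  # instances, AMIs, and snapshots; it grants no create/modify/delete actions.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:Describe*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })

  tags = {
    Name = var.policy_name
  }
}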
Let’s define the variable by creating a variables.tf file:
variable "policy_name" {
  default = "iampolicy_ravi"
}
Make sure you have changed the value here according to your task description.
Run the terraform commands:
terraform init
terraform plan
terraform apply -auto-approve
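To confirm that the policy stays read-only as it is edited later, the rendered JSON document can be linted before apply. The following is an added example, not part of the original lab: the function name, the prefix list, and both sample documents are assumptions constructed for illustration, and "read-only" is taken to mean EC2 Describe* actions only.

```python
import json

# Assumption for this lab: "read-only" means EC2 Describe* actions only.
READ_ONLY_PREFIXES = ("ec2:describe",)

def _as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def non_read_only_grants(policy_json, prefixes=READ_ONLY_PREFIXES):
    """Return (statement_index, action) for each Allow grant that is not read-only."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot widen access
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((i, "NotAction"))
            continue
        for action in _as_list(stmt.get("Action")):
            name = action.lower()  # IAM action names are case-insensitive
            # The literal text before the first wildcard must already pin a
            # read-only prefix; otherwise the pattern can match write actions.
            literal = name.split("*", 1)[0].split("?", 1)[0]
            if not literal.startswith(tuple(prefixes)):
                findings.append((i, action))
    return findings

# Constructed sample: the document the page's jsonencode() call renders.
PAGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Action": ["ec2:Describe*"], "Effect": "Allow", "Resource": "*"}],
})

# Constructed sample: a drifted variant with an over-broad wildcard,
# a write action, an Allow/NotAction grant, and a harmless Deny.
DRIFTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Action": ["ec2:DescribeInstances", "ec2:D*"], "Effect": "Allow", "Resource": "*"},
        {"Action": "ec2:StopInstances", "Effect": "Allow", "Resource": "*"},
        {"NotAction": "iam:*", "Effect": "Allow", "Resource": "*"},
        {"Action": "ec2:*", "Effect": "Deny", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    print(non_read_only_grants(PAGE_POLICY))
    print(non_read_only_grants(DRIFTED_POLICY))
```

An empty result means every Allow grant is pinned to the read-only prefix; any finding names the statement index and the action pattern to tighten.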