I am looking to create an IAM role that would be able to access to s3 service using the following syntax:
resource "aws_iam_role" "ec2_s3_fullAccess" {
name = "prod_ec2_s3_fullAccess"
path = "/"
assume_role_policy = data.aws_iam_policy_document.s3_access.json
}
resource "aws_iam_role_policy_attachment" "test-attach" {
role = aws_iam_role.ec2_s3_fullAccess.name
policy_arn = data.aws_iam_policy.s3_access.arn
}
resource "aws_iam_role_policy_attachment" "ec2-read-only-policy-attachment" {
role = "${aws_iam_role.ec2_iam_role.name}"
policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"
}
data "aws_iam_policy_document" "s3_access" {
statement {
sid = "SidToOverride"
actions = ["s3:*"]
resources = ["*"]
}
}
data "aws_iam_policy" "s3_access" {
arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
}
However, I get the following error message:
Error creating IAM Role prod_ec2_s3_fullAccess: MalformedPolicyDocument: Has prohibited field Resource │ status code: 400, request id: dddb80c9-77a1-4ac3-b54a-4fab751f11db │ │ with module.usersgroups.aws_iam_role.ec2_s3_fullAccess, │ on ..\modules\iam\resources.tf line 88, in resource "aws_iam_role" "ec2_s3_fullAccess": │ 88: resource "aws_iam_role" "ec2_s3_fullAccess" {