I am creating an IAM role for task execution. I have already done in cloudformation and now I am doing it in terraform but the problem that I am stuck on is in cloudformation there is an attribute to give ManagedPolicyArns
but how would you give it in terraform. I am attaching both the scripts. Terraform script is incomplete in which I need help while cloudformation script is complete and I want to replicate it to terraform.
Terraform:
resource "aws_iam_role" "task_execution" {
name = "task-execution-${terraform.workspace}"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Effect": "Allow",
"Sid": "",
"path": "/",
}
]
}
EOF
tags = {
tag-key = "tag-value"
}
}
Cloudformation
---
AWSTemplateFormatVersion: 2010-09-09
Parameters:
Env:
Type: String
Resources:
ExRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- ecs-tasks.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
RoleName: !Sub "excutionrole-${Env}"
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
Policies:
- PolicyName: AccessECR
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- ecr:BatchGetImage
- ecr:GetAuthorizationToken
- ecr:GetDownloadUrlForLayer
Resource: '*'