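# Identity of the account Terraform is running as. Its account_id scopes the
# role's trust policy to this account only.
data "aws_caller_identity" "current" {}

# Bucket that the test role is granted list access to.
# NOTE(review): `acl` on aws_s3_bucket is deprecated in AWS provider v4+ in favour
# of a separate aws_s3_bucket_acl resource — confirm the pinned provider version.
resource "aws_s3_bucket" "b" {
  bucket = "tf-test-bucket"
  acl    = "private"
}

# Defence in depth: a private ACL alone does not stop a later public ACL or
# public bucket policy from being attached. Block both at the bucket level.
resource "aws_s3_bucket_public_access_block" "b" {
  bucket = aws_s3_bucket.b.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Trust policy: any principal in this account that itself holds sts:AssumeRole
# on this role may assume it (the account-root principal is AWS's idiom for
# "delegate to this account's IAM"). Built with aws_iam_policy_document, like
# the permissions policy below, rather than a hand-written heredoc so the
# provider validates it at plan time and both policies share one style.
data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }
}

resource "aws_iam_role" "test_role" {
  name               = "test_role"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

# Permissions policy: list the bucket, nothing else. s3:ListBucket is a
# bucket-level action, so the resource is the bucket ARN (not "<arn>/*");
# no object read or write is granted.
data "aws_iam_policy_document" "test_policy" {
  statement {
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.b.arn]
  }
}

resource "aws_iam_policy" "test_policy" {
  name   = "test_policy"
  path   = "/"
  policy = data.aws_iam_policy_document.test_policy.json
}

# Attach the managed policy to the role.
resource "aws_iam_role_policy_attachment" "test-attach" {
  role       = aws_iam_role.test_role.name
  policy_arn = aws_iam_policy.test_policy.arn
}

# ARN of the role a caller assumes to get the list permission.
output "role_arn" {
  value = aws_iam_role.test_role.arn
}

# Name of the bucket the role may list.
output "bucket" {
  value = aws_s3_bucket.b.id
}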