This is an AWS IAM policy that gives Terraform restricted access to its backend resources: the AWS S3 bucket and the DynamoDB table.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "dynamodb:PutItem",
                "dynamodb:DeleteItem",
                "dynamodb:GetItem"
            ],
            "Resource": "arn:aws:dynamodb:$(Region):$(AWSAccountNumber):table/$(BackendLockTableName)"
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::$(BackendBucketName)"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::$(BackendBucketName)/$(PathToTFStateFile)"
        }
    ]
}
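An added example, not part of the original gist: a Python check that fills the `$(...)` placeholders with constructed sample values and confirms the rendered policy stays scoped to one state object and one lock table. The function names, the sample values and the glob-based matcher are assumptions for illustration; the matcher is a simplified model of Allow statements only, not AWS's policy evaluation engine.

```python
import fnmatch
import json
import re

# The gist's policy as a template; $(Name) placeholders are filled in by render().
POLICY_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["dynamodb:PutItem", "dynamodb:DeleteItem", "dynamodb:GetItem"],
     "Resource": "arn:aws:dynamodb:$(Region):$(AWSAccountNumber):table/$(BackendLockTableName)"},
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::$(BackendBucketName)"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::$(BackendBucketName)/$(PathToTFStateFile)"}
  ]
}"""

# Constructed sample values, not real resources.
SAMPLE = {
    "Region": "us-east-1",
    "AWSAccountNumber": "111122223333",
    "BackendLockTableName": "example-tf-locks",
    "BackendBucketName": "example-tfstate-bucket",
    "PathToTFStateFile": "prod/terraform.tfstate",
}

def render(template, values):
    """Fill every $(Name); a missing value raises KeyError instead of leaving a hole."""
    return json.loads(re.sub(r"\$\((\w+)\)", lambda m: values[m.group(1)], template))

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified model: True if any Allow statement matches action and resource by glob."""
    for stmt in policy["Statement"]:
        hit_action = any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"]))
        hit_resource = any(fnmatch.fnmatchcase(resource, p) for p in _as_list(stmt["Resource"]))
        if stmt["Effect"] == "Allow" and hit_action and hit_resource:
            return True
    return False

def wildcard_findings(policy):
    """Return every Action or Resource string that contains '*'."""
    return [v for s in policy["Statement"] for k in ("Action", "Resource")
            for v in _as_list(s[k]) if "*" in v]
```

Running `wildcard_findings` on the rendered policy before attaching it catches a placeholder value such as `*` or `prod/*` that would silently widen the grant.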