policy_type
Type of policy to create. Valid values: iam (standard IAM policy), scp (Service Control Policy for Organizations), boundary (Permission Boundary).
Policy Types
The module supports three types of access policies:
IAM Policy (iam)
Standard identity-based IAM policies that can be attached to users, groups, or roles. Use for granting permissions to principals within a single AWS account.
policy_type = "iam"
Service Control Policy (scp)
Organization-level policies that define the maximum permissions available to member accounts in an AWS Organization. SCPs never grant permissions on their own: a principal still needs an identity-based policy that allows the action, and the SCP only restricts what those policies can allow. Note that SCPs do not apply to the organization's management account or to service-linked roles.
policy_type = "scp"
Permission Boundary (boundary)
Advanced feature that sets the maximum permissions an IAM user or role can have. Effective permissions are the intersection of the boundary and the entity's identity-based policies: even if an identity policy grants broader access, only actions allowed by both are actually permitted, and the boundary itself grants nothing.
policy_type = "boundary"
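The three policy types above are evaluated together by AWS, and the interaction is easy to get wrong. The following is an added example, not code from this module or this page: a deliberately simplified Python model of the AWS evaluation order (explicit deny anywhere wins; otherwise the SCP, the permission boundary if one is set, and an identity-based policy must all allow the action). The policy documents are constructed for illustration, and the model ignores `Resource`, `Condition`, `NotAction` and resource-based policies, so it only shows how `Effect` and `Action` combine across the three types.

```python
"""Simplified model of how IAM, SCP and permission-boundary policies combine.

Added illustration only: it implements the allow/deny ordering AWS documents for
identity policies, SCPs and permission boundaries, but ignores Resource,
Condition, NotAction and resource-based policies.
"""
import fnmatch

# Constructed sample documents (hypothetical, not from the module).
IDENTITY_POLICY = {                     # policy_type = "iam", attached to a role
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*", "iam:PassRole"]}],
}

PERMISSION_BOUNDARY = {                 # policy_type = "boundary", set on the role
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"]}],
}

SCP = {                                 # policy_type = "scp", attached to the account's OU
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*"},
        {"Effect": "Deny", "Action": ["s3:DeleteBucket"]},
    ],
}


def _as_list(value):
    """IAM allows Statement and Action to be a single item or a list."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action matching is case-insensitive and supports '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def decision(policy, action):
    """Return 'deny', 'allow' or 'implicit_deny' for a single policy document."""
    result = "implicit_deny"
    for stmt in _as_list(policy.get("Statement", [])):
        if any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            if stmt.get("Effect") == "Deny":
                return "deny"           # an explicit deny overrides every allow
            result = "allow"
    return result


def is_allowed(action, identity_policies, boundary=None, scps=None):
    """Combine the policy types in the order AWS evaluates them.

    scps is treated as one effective SCP per level of the organization
    hierarchy, each of which must allow the action.
    """
    identity = [decision(p, action) for p in identity_policies]
    scp_decisions = [decision(p, action) for p in (scps or [])]
    boundary_decision = decision(boundary, action) if boundary else None

    everything = identity + scp_decisions + ([boundary_decision] if boundary else [])
    if "deny" in everything:
        return False                    # explicit deny in any policy wins
    if scps and any(d != "allow" for d in scp_decisions):
        return False                    # SCPs cap what the account can do
    if boundary and boundary_decision != "allow":
        return False                    # the boundary caps the identity policy
    return "allow" in identity          # only identity policies actually grant


if __name__ == "__main__":
    for act in ("s3:GetObject", "s3:PutObject", "s3:DeleteBucket", "ec2:RunInstances"):
        print(act, is_allowed(act, [IDENTITY_POLICY], PERMISSION_BOUNDARY, [SCP]))
```

Running the sample shows the points the descriptions above make: `s3:PutObject` is granted by the identity policy but blocked by the boundary, `s3:DeleteBucket` is blocked by the SCP's explicit deny, and `ec2:RunInstances` is denied even though the SCP allows `*`, because neither an SCP nor a boundary grants anything by itself.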
Choosing the Right Type
| Use Case | Recommended Type |
|---|---|
| Grant permissions to a role | iam |
| Enforce organization-wide restrictions | scp |
| Delegate IAM administration safely | boundary |
| Restrict developer-created roles | boundary |
Full Module Example
```hcl
module "access_policy" {
  source  = "registry.patterneddesigns.ca/governance/access-policy/aws"
  version = "0.1.0"

  # policy_type: one of "iam", "scp" or "boundary"
  policy_type = "..."

  # Other required inputs
  policy_name = "..."
}
```